VMware Patches Critical Command Injection Flaw
Fixes high-risk vulnerabilities in Aria Operations and other products
VMware has released patches for several vulnerabilities, including a critical command injection flaw, in its Aria Operations and other products, with no evidence of exploitation so far.
VMware has issued patches for several high- and medium-risk vulnerabilities affecting its Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products. The most severe of these flaws allows unauthenticated attackers to execute arbitrary commands on the underlying operating system, while another enables authenticated users to elevate their privileges to administrator level.
The vulnerabilities, tracked as CVE-2026-22719, CVE-2026-22720, and CVE-2026-22721, were privately reported to Broadcom, the parent company of VMware. According to the company, there is currently no evidence of in-the-wild exploitation of these vulnerabilities. However, critical Aria Operations vulnerabilities have been exploited in the past, and enterprise virtualization infrastructure has been targeted by state-sponsored threat actors.
The critical command injection vulnerability, CVE-2026-22719, is particularly concerning as it allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system. This could potentially lead to a complete takeover of the system, allowing attackers to access sensitive data, disrupt operations, or spread malware.
VMware advises customers to upgrade to Aria Operations 8.18.6, as well as versions 5.2.3 or 9.0.2 of VMware Cloud Foundation (VCF). VMware Telco Cloud Platform and Telco Cloud Infrastructure are also impacted because they include Aria Operations. The company recommends that customers apply the patches as soon as possible to prevent potential exploitation.
The vulnerabilities were discovered by an unnamed security researcher who privately reported them to Broadcom. The company has not disclosed any further information about the researcher or the discovery process.
This is not the first time VMware has faced security issues with its products. In the past, the company has addressed several critical vulnerabilities in its virtualization software, including a remote code execution flaw in its Workstation and Fusion products.
VMware's virtualization software is widely used in enterprise environments, making it a prime target for attackers. State-sponsored threat actors have been known to target virtualization infrastructure to gain access to sensitive data and disrupt operations.
In a statement, Broadcom said, "We take the security of our products very seriously and are committed to providing our customers with the highest level of protection. We recommend that customers apply the patches as soon as possible to prevent potential exploitation."
The company has also provided additional guidance and mitigation strategies for customers who are unable to apply the patches immediately.
The release of these patches highlights the importance of regular security updates and patch management in preventing cyber attacks. As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and proactive in protecting their infrastructure and data.
VMware customers are advised to review the company's security advisory and apply the patches as soon as possible to prevent potential exploitation.
AI-Synthesized Content
This article was synthesized by Fulqrum AI from 1 trusted source, combining multiple perspectives into a comprehensive summary.