US Cybersecurity Adds Exploited VMware Aria Operations To KEV Catalog

Published: March 5, 2026 at 02:00 AM EST
Source: Slashdot

Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability, tracked as CVE‑2026‑22719, to its Known Exploited Vulnerabilities (KEV) catalog. The agency flags the flaw as being exploited in attacks and requires federal civilian agencies to address it by March 24, 2026.

Vulnerability Details

“A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support‑assisted product migration is in progress.”

  • Product affected: VMware Aria Operations – an enterprise monitoring platform for servers, networks, and cloud infrastructure.
  • Impact: Remote code execution (RCE) through unauthenticated command execution.
  • Exploitation status: Reported as actively exploited in the wild, though details on the attackers, exploitation methods, and scale remain undisclosed.

Broadcom, the vendor, acknowledges reports of exploitation but cannot confirm the claims.

Mitigation and Patch

  • Patch release: Broadcom issued security patches on February 24, 2026.
  • Temporary workaround: For environments that cannot apply the patches immediately, Broadcom provides a shell script workaround:
# aria-ops-rce-workaround.sh
# Execute as root on each Aria Operations appliance node

The script, named aria-ops-rce-workaround.sh, must be run as root on each appliance node. The full instructions are available in Broadcom’s knowledge base article.
