VMWARE Aria Operations has a high-severity vulnerability, CVE-2026-22719, that can be exploited by an unauthenticated attacker to achieve remote code execution. According to CISA, the flaw can be exploited without authentication, and a malicious unauthenticated actor may execute arbitrary commands while support-assisted product migration is in progress.
The issue has been patched, with Broadcom noting in a February 24 advisory that there are reports of potential exploitation in the wild, though they cannot independently confirm their validity. CISA added CVE-2026-22719 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address it by 24 March. There appears to be no public information detailing confirmed in-the-wild attacks, and Broadcom emphasised vigilance while updating its advisory as potential exploitation emerged. 4 March 2026.