ACCORDING to Known Exploited Vulnerabilities Catalog, Broadcom VMware Aria Operations (formerly known as vRealize Operations) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support-assisted product migration. The CVE is CVE-2026-22719, with related CWE-77 noted. The entry states that it is unknown whether it is used in ransomware campaigns. Date Added is 3 March 2026 and Due Date is 24 March 2026.
Action advised includes applying mitigations per vendor instructions, following applicable BOD 22-01 guidance for cloud services, or discontinuing use of the product if mitigations are unavailable.