Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud environments.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

A high-severity command injection vulnerability (CVE-2026-22719, CVSS 8.1) in VMware Aria Operations has been added to CISA's Known Exploited Vulnerabilities catalog. The flaw requires no authentication and can grant root access during a product migration window, potentially exposing an attacker to an organization's entire virtual infrastructure including credentials, network topology, and monitoring data. Broadcom has acknowledged reports of in-the-wild exploitation and urges customers to patch to version 8.18.6 or apply a workaround immediately. Security experts warn that compromising a cloud management platform like Aria Operations gives attackers outsized access, noting that threat groups like Scattered Spider, Qilin, and Lazarus Group have previously targeted VMware management infrastructure.

VMware Aria Operations Bug Exploited, Cloud Resources at Risk