CVE-2026-22721

medium

VMware

CVSS v3 Base Score

6.2

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.1%

Exploitation probability in 30 days

Top 75% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Confidentiality

High

Integrity

High

Availability

Low

Published: February 25, 2026 (77 days ago)

Last Modified: March 4, 2026

Vendor: VMware

Description

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

CWE

CWE-269

Affected Products

vmware aria operationsvmware cloud foundationvmware telco cloud infrastructurevmware telco cloud platform

References

🔗 support.broadcom.com 🔗 techdocs.broadcom.com

CVE-2026-22721

Vulnerability Report

Description

CWE

Affected Products

References