{"id":219597,"date":"2026-03-03T18:40:00","date_gmt":"2026-03-03T23:40:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks\/"},"modified":"2026-03-03T20:15:15","modified_gmt":"2026-03-04T01:15:15","slug":"cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks\/","title":{"rendered":"CISA flags VMware Aria Operations RCE flaw as exploited in attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks\/\">CISA flags VMware Aria Operations RCE flaw as exploited in attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-03 18:40:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability\u00a0tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.<\/p>\n<p>Broadcom also warned that it is aware of reports indicating the vulnerability is exploited but says it cannot independently confirm the claims.<\/p>\n<p>VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure.<\/p>\n<p>The vulnerability was originally disclosed and patched on February 24, 2026, as part of VMware&#8217;s VMSA-2026-0001 advisory, which was rated Important with a CVSS score of 8.1.<\/p>\n<p>The flaw has now been added to the CISA&#8217;s\u00a0Known Exploited Vulnerabilities (KEV) catalog, with the US cyber agency requiring federal civilian agencies to address the issue by March 24, 2026.<\/p>\n<p>In a recent update to the advisory, Broadcom said it is aware of reports indicating the vulnerability is exploited in attacks but cannot confirm the claims.<\/p>\n<p>&#8220;Broadcom is aware of reports of potential exploitation of CVE-2026-22719 in the wild, but we cannot independently confirm their validity,&#8221; states the updated advisory.<\/p>\n<p>At this time, no technical details about how the flaw may be exploited have been publicly disclosed.<\/p>\n<p>BleepingComputer contacted Broadcom with questions regarding the reported activity, but has not received a response.<\/p>\n<h2>The command injection flaw<\/h2>\n<p>According to Broadcom, CVE-2026-22719 is a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands on vulnerable systems.<\/p>\n<p>&#8220;A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress,&#8221; the advisory explains.<\/p>\n<p>Broadcom released security patches on February 24 and also provided a temporary workaround for&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA flags VMware Aria Operations RCE flaw as exploited in attacks https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks\/ Publish Date: 2026-03-03&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219598,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2023\/10\/25\/VMware_red.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-219597","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219597"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219597"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219597\/revisions"}],"predecessor-version":[{"id":219599,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219597\/revisions\/219599"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/219598"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=219597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}