{"id":"CVE-2026-22719","details":"VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. \n\nTo remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 \n\nWorkarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001","modified":"2026-03-13T21:48:58.841431Z","published":"2026-02-25T20:23:46.840Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22719"},{"type":"ADVISORY","url":"https://knowledge.broadcom.com/external/article/430349"},{"type":"ADVISORY","url":"https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html"},{"type":"FIX","url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"8.0"},{"fixed":"8.18.6"}]},{"events":[{"introduced":"4.0"},{"fixed":"5.2.3"}]},{"events":[{"introduced":"9.0"},{"fixed":"9.0.2.0"}]},{"events":[{"introduced":"2.2"},{"last_affected":"3.0"}]},{"events":[{"introduced":"4.0"},{"last_affected":"5.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22719.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}