Your infrastructure management tools are now a remote execution engine for attackers. 🛡️
CVE-2026-22719 · Severity High · Critical Command Injection in VMware Aria Operations.
The @[CISA](urn:li:organization:13010360) has added a high-severity flaw in @[Broadcom](urn:li:organization:1598) VMware Aria Operations (formerly vRealize Operations) to its Known Exploited Vulnerabilities catalog. This vulnerability allows an unauthenticated attacker to execute arbitrary commands with full system privileges while a support-assisted product migration is in progress.
Because these management platforms often have deep, privileged access to your entire virtualized estate, an RCE here is a “keys to the kingdom” scenario. Attackers are currently leveraging this to establish initial access and move laterally into sensitive internal segments.
The uncomfortable truth: The software you use to monitor and optimize your environment is currently one of your highest-risk points of failure.
→ Patch VMware Aria Operations to the latest security release immediately.
→ Disable support-assisted migration features if they are not actively required for operations.
→ Audit your appliance logs for unauthorized shell executions or anomalous migration activity.
Have you confirmed that your VMware management interfaces are isolated from the public internet? 👇
#Cybersecurity #Virtualization #ZeroTrust #PatchManagement #CISO #CodeDefence