A critical authentication bypass vulnerability in a major cloud operations management platform has been added to the federal list of known exploited threats. This flaw allows unauthenticated remote attackers to gain administrative access to the management console, providing a direct path to manipulate cloud infrastructure.
Tracked as CVE-2026-22719, the vulnerability impacts VMware Aria Operations ❨formerly vRealize Operations❩. CISA added this to the KEV catalog on May 2, 2026, following reports of active exploitation in targeted intrusions against enterprise cloud environments. The flaw allows an adversary to bypass the login process entirely, enabling the theft of sensitive infrastructure data or the disruption of critical cloud services.
Cloud management tools are high-value targets because they maintain persistent, administrative access to entire clusters of virtualized resources. A compromise at this layer grants the attacker “god-mode” over the underlying infrastructure, bypassing individual guest-level security controls and silent exfiltration of configuration secrets.
– Immediately upgrade @[VMware](urn:li:organization:1145) Aria Operations to the latest security version ❨e.g., 8.16.x or higher❩ per vendor instructions.
– Audit all administrative login logs for unauthorized sessions or anomalous activity originating from unknown IP addresses.
– Strictly isolate the management interface of Aria Operations behind a Zero Trust gateway or VPN.
– Monitor for unauthorized changes to cloud resource configurations or the creation of new administrative accounts.
When the platform used to manage the cloud is compromised, the entire virtualized estate must be forensically treated as potentially breached. #CodeDefence #VMware #CloudSecurity #CISA #KEV
/
