Your infrastructure management tools are now a remote execution engine for attackers. 🛡️

Your infrastructure management tools are now a remote execution engine for attackers. 🛡️

CVE-2026-22719 · Severity High · Critical Command Injection in VMware Aria Operations.

The @[CISA](urn:li:organization:13010360) has added a high-severity flaw in @[Broadcom](urn:li:organization:1598) VMware Aria Operations (formerly vRealize Operations) to its Known Exploited Vulnerabilities catalog. This vulnerability allows an unauthenticated attacker to execute arbitrary commands with full system privileges while a support-assisted product migration is in progress.

Because these management platforms often have deep, privileged access to your entire virtualized estate, an RCE here is a “keys to the kingdom” scenario. Attackers are currently leveraging this to establish initial access and move laterally into sensitive internal segments.

The uncomfortable truth: The software you use to monitor and optimize your environment is currently one of your highest-risk points of failure.

→ Patch VMware Aria Operations to the latest security release immediately.

→ Disable support-assisted migration features if they are not actively required for operations.

→ Audit your appliance logs for unauthorized shell executions or anomalous migration activity.

Have you confirmed that your VMware management interfaces are isolated from the public internet? 👇

#Cybersecurity #Virtualization #ZeroTrust #PatchManagement #CISO #CodeDefence