AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-22719: Broadcom VMware Aria Operations Command Injection Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesMarch 2, 2026CVE-2026-22719

Summary

Broadcom VMware Aria Operations contains a command injection vulnerability (a flaw that lets attackers insert malicious commands into the software) that allows unauthenticated attackers (those without login credentials) to execute arbitrary commands and potentially gain remote code execution (the ability to run any code on the system from a distance) during product migration support. This vulnerability is currently being actively exploited by attackers.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 7.4%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-77

CAPEC (Attack Pattern)

CAPEC-88

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22719

First tracked: March 3, 2026 at 03:00 PM

Classified by LLM (prompt v3) · confidence: 95%