- 41/2026
- High
VMware has released a security update to fix several vulnerabilities across multiple VMware products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, gain elevated administrative privileges, execute arbitrary commands, and gain access to the affected system.
Sample of addressed vulnerabilities:
1. VMware Aria Operations Command Injection Vulnerability (CVE-2026-22719):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware Aria Operations Stored Cross-Site Scripting Vulnerability (CVE-2026-22720):
- CVSS: 8.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
The affected products:
- VMware Aria Operations.
- VMware Cloud Foundation.
- VMware Telco Cloud Platform.
- VMware Telco Cloud Infrastructure.
Vulnerabilities
- CVE-2026-22719
- CVE-2026-22720
- CVE-2026-22721
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.