Description
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low
Affected products
- VMware / VMware Aria Operations8.18.6 – 8.18.6
- VMware / VMware Aria Operations8.18.0 – 8.18.6
- VMware / VMware Cloud Foundation9.0 – 9.0.2
- VMware / VMware Cloud Foundation5.2.3 – 5.2.3
- VMware / VMware Cloud Foundation9.0.2 – 9.0.2
- VMware / VMware Cloud Foundation4.0 – 5.2.3
- VMware / VMware Telco Cloud Infrastructure2.0 – 5.2.3
- VMware / VMware Telco Cloud Infrastructure5.2.3 – 5.2.3
- VMware / VMware Telco Cloud Platform4.0 – 5.2.3
- VMware / VMware Telco Cloud Platform5.2.3 – 5.2.3