Broadcom advises clients to improve to Aria Operations 8.18.6, in addition to variations 5.2.3 or 9.0.2 VMware Cloud Basis (VCF). VMware Telco Cloud Platform and Telco Cloud Infrastructure are additionally impacted as a result of they embrace Aria Operations, the IT administration part for personal and multicloud environments.
Command injection and privilege escalation
Regardless that CVE-2026-22719 is an unauthenticated command injection flaw that may result in distant code execution, the vulnerability is rated excessive fairly than crucial severity as a result of it may possibly solely be exploited when support-assisted product migration is in progress, making widespread exploitation much less seemingly.
By comparability in 2023 following the disclosure of a command injection flaw in Aria Operations for Networks, security corporations detected nearly 700,000 assault makes an attempt.
