{"id":148,"date":"2026-03-04T06:27:01","date_gmt":"2026-03-04T06:27:01","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=148"},"modified":"2026-03-04T06:27:01","modified_gmt":"2026-03-04T06:27:01","slug":"cisa-adds-actively-exploited-vmware-aria-operations-flaw-cve-2026-22719-to-kev-catalog","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=148","title":{"rendered":"CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Mar 04, 2026<\/span><\/span>Vulnerability \/ Enterprise Security<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added<\/a> a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV<\/a>) catalog, citing active exploitation in the wild.<\/p>\n

The high-severity vulnerability, CVE-2026-22719<\/a><\/strong> (CVSS score: 8.1), has been described as a case of command injection that could allow an unauthenticated attacker to execute arbitrary commands.<\/p>\n

\u00abA malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress,\u00bb the company said<\/a> in an advisory released late last month.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

The shortcoming was addressed, along withCVE-2026-22720, a stored cross-site scripting vulnerability, and CVE-2026-22721, a privilege escalation vulnerability that could result in administrative access. It impacts the following products –<\/p>\n