Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, identified as CVE-2026-22719, is being actively exploited in the wild.

Key Points

• CISA added CVE-2026-22719 to its KEV catalog on Tuesday.
• The vulnerability affects Broadcom VMware Aria Operations.
• CVE-2026-22719 is a command injection flaw with a CVSS score of 8.1.
• The vulnerability is being actively exploited in the wild.

Analysis

The inclusion of CVE-2026-22719 in the KEV catalog underscores the urgency for organizations using VMware Aria Operations to address this vulnerability promptly. The command injection flaw, with its high CVSS score of 8.1, highlights the potential for significant security breaches if left unmitigated. Active exploitation in the wild further elevates the risk, necessitating immediate attention from IT security teams.

Conclusion

IT professionals should prioritize patching CVE-2026-22719 in VMware Aria Operations to mitigate the risk of exploitation. Regularly monitoring the KEV catalog for updates can help in maintaining robust security postures.