Platform: vmware
Component: vmware-aria-operations
Fixed in: 8.18.6, 5.2.3, 9.0.2, 5.2.3
CVE-2026-22721 is a privilege escalation vulnerability in VMware Aria Operations. Successful exploitation allows a malicious actor with existing privileges in vCenter to elevate their access and obtain administrative control within VMware Aria Operations. The vulnerability affects versions 2.0 through 9.0.2, and a patch is available in version 9.0.2.
This vulnerability poses a significant risk to organizations utilizing VMware Aria Operations, as it allows attackers to bypass standard access controls. An attacker who already possesses limited privileges within vCenter can exploit this flaw to gain full administrative access to Aria Operations, potentially leading to unauthorized configuration changes, data breaches, and disruption of monitoring and management operations. The ability to escalate privileges within a critical management platform like Aria Operations could have cascading effects on the entire infrastructure it oversees, impacting application performance and availability.
CVE-2026-22721 was publicly disclosed on February 25, 2026. Its current KEV status is unknown. Public proof-of-concept exploits are not currently available, but the potential for exploitation exists given the privilege escalation nature of the vulnerability. Organizations should prioritize patching to mitigate this risk.
Organizations heavily reliant on VMware Aria Operations for monitoring and management are particularly at risk. This includes those with complex vCenter environments, shared vCenter instances, or legacy Aria Operations deployments that have not been regularly patched. Environments where Aria Operations is used to manage critical infrastructure components are also at heightened risk.
• vmware: Examine Aria Operations logs for unusual privilege elevation attempts. Use VMware vSphere CLI to audit user permissions and access controls.
# Example: list the permissions assigned on an ESXi host and filter for one user
esxcli system permission list | grep -i "<username>"
• generic web: Monitor Aria Operations web interface access logs for suspicious login attempts or unauthorized configuration changes.
# Example: find requests from the vCenter address in the web access log (-F matches the address as a literal string)
grep -F "<vcenter_ip>" /var/log/apache2/access.log
EPSS: 0.03% (7th percentile)
The primary mitigation for CVE-2026-22721 is to immediately apply the security patch released by VMware. Upgrade to version 9.0.2 or later to address the vulnerability. If immediate patching is not feasible due to compatibility concerns or testing requirements, review VMware's advisory (VMSA-2026-0001) for potential temporary workarounds or compensating controls. Monitor vCenter access logs for suspicious activity and implement stricter access controls to limit the potential impact of a successful exploit. After applying the upgrade, confirm remediation by verifying that the user with vCenter access no longer possesses the ability to escalate privileges within Aria Operations.
To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' in VMSA-2026-0001. Further details and specific instructions for applying the patches to your version of VMware Aria Operations can be found at the provided link.
CVE-2026-22721 is a vulnerability in VMware Aria Operations allowing attackers with vCenter privileges to gain administrative access. It's rated MEDIUM severity (CVSS 6.2) and affects versions 2.0–9.0.2.
If you are running VMware Aria Operations versions 2.0 through 9.0.2 and have vCenter access, you are potentially affected. Upgrade to 9.0.2 to mitigate the risk.
Apply the security patch released by VMware. Upgrade to version 9.0.2 or later. Refer to VMSA-2026-0001 for detailed instructions.
As of now, there are no publicly known active exploits. However, the potential for privilege escalation warrants proactive patching.
You can find the official advisory on the Broadcom Support website: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947