Platform: vmware
Component: vmware-aria-operations
Fixed in: 8.18.6, 5.2.3, 9.0.2
CVE-2026-22721 represents a privilege escalation vulnerability discovered in VMware Aria Operations. Successful exploitation allows a malicious actor with existing privileges in vCenter to elevate their access and obtain administrative control within VMware Aria Operations. This vulnerability impacts versions 2.0 through 9.0.2, and a patch is available in version 9.0.2.
This vulnerability poses a significant risk to organizations utilizing VMware Aria Operations, as it enables unauthorized privilege escalation. An attacker who already possesses limited access within vCenter can leverage this flaw to bypass access controls and gain full administrative rights within Aria Operations. This could lead to unauthorized configuration changes, data breaches, and potential disruption of monitoring and management operations. The impact is amplified in environments where Aria Operations is tightly integrated with other critical infrastructure components, as a compromised Aria Operations instance could serve as a stepping stone for broader attacks.
CVE-2026-22721 was publicly disclosed on February 25, 2026. Its inclusion in VMware Security Advisory VMSA-2026-0001 signals that VMware treats it as a serious issue. As of this writing, there are no publicly available proof-of-concept exploits. Because the flaw allows privilege escalation, it warrants careful monitoring, and organizations should prioritize patching to prevent exploitation. The EPSS score is pending evaluation.
Exploit Status
EPSS: 0.03% (7th percentile)
CISA SSVC:
The primary mitigation for CVE-2026-22721 is to immediately apply the security patch released by VMware. Upgrade to version 9.0.2 or later to address the vulnerability. If upgrading is not immediately feasible, review the VMware Security Advisory (VMSA-2026-0001) for potential temporary workarounds, such as restricting access to Aria Operations from vCenter or implementing stricter authentication policies. Monitor vCenter logs for suspicious activity related to Aria Operations access. After applying the upgrade, confirm remediation by verifying that users with vCenter privileges no longer have the ability to escalate privileges within Aria Operations.
To remediate CVE-2026-22721, apply the patches indicated in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001. See the provided link in the references for more details and specific instructions on applying the appropriate patches for your version of VMware Aria Operations.
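The two paragraphs above amount to a procedure: find every Aria Operations instance, compare its version against the affected range and the fixed builds, and upgrade what is below the fix. The following Python script is an added illustration of that inventory check; it is not part of the advisory or of any VMware tooling. The version figures (affected range 2.0 through 9.0.2; fixed builds 5.2.3, 8.18.6 and 9.0.2) are taken from this page. The mapping of each fixed build to its own major release line, the hostnames, and the sample version strings are assumptions constructed for the example; for the authoritative per-version mapping use the Response Matrix in VMSA-2026-0001.

```python
"""Affected-version triage for CVE-2026-22721 (VMware Aria Operations).

Added example, not from the advisory. Version figures are those listed on the
page; the mapping of fixed builds to release lines is an assumption.
"""
from __future__ import annotations

import re

# Fixed builds as listed on the page, keyed by major release line.
# Assumption for this example: a fixed build covers its own major line, and a
# line with no listed fix is moved to the newest fixed build.
FIXED_BY_LINE = {5: (5, 2, 3), 8: (8, 18, 6), 9: (9, 0, 2)}
NEWEST_FIX = max(FIXED_BY_LINE.values())
AFFECTED_LOW, AFFECTED_HIGH = (2, 0, 0), (9, 0, 2)  # page: "2.0 through 9.0.2"

# Accepts "9.0.2", "v9.0.2", "8.18.5.67890", "9.0.2 Build 12345"; trailing
# build metadata after the third component is ignored.
_VERSION_RE = re.compile(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:[\s.\-+].*)?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Reduce a version string to a (major, minor, patch) tuple."""
    m = _VERSION_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def fmt(v: tuple[int, int, int]) -> str:
    return ".".join(map(str, v))


def assess(version_text: str) -> dict:
    """Classify one version as patched, affected, or outside the listed range."""
    v = parse_version(version_text)
    line_fix = FIXED_BY_LINE.get(v[0])
    target = line_fix if line_fix is not None else NEWEST_FIX
    if line_fix is not None and v >= line_fix:
        return {"version": fmt(v), "status": "patched", "upgrade_to": None}
    if AFFECTED_LOW <= v <= AFFECTED_HIGH:
        return {"version": fmt(v), "status": "affected", "upgrade_to": fmt(target)}
    return {"version": fmt(v), "status": "outside listed range", "upgrade_to": None}


def triage(inventory) -> list[dict]:
    """inventory: iterable of (hostname, version string). Affected hosts sort first."""
    rows = [dict(host=host, **assess(ver)) for host, ver in inventory]
    rows.sort(key=lambda r: r["status"] != "affected")
    return rows


# Constructed sample inventory; hostnames and versions are invented for the example.
SAMPLE_INVENTORY = [
    ("aria-ops-prod-01", "9.0.1"),
    ("aria-ops-prod-02", "9.0.2 Build 12345"),
    ("aria-ops-lab", "8.18.5.67890"),
    ("aria-ops-legacy", "7.5.0"),
]

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f"{r['host']:<18} {r['version']:<8} {r['status']:<22} -> {r['upgrade_to'] or '-'}")
```

Feed it the output of whatever inventory source you trust (a CMDB export, an appliance listing) and treat every "affected" row as a patch ticket. After the upgrade, re-run it and confirm no host is left in the affected state before carrying out the advisory's last step, verifying that vCenter-privileged users can no longer elevate within Aria Operations.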
CVE-2026-22721 is a vulnerability in VMware Aria Operations allowing attackers with vCenter privileges to gain administrative access. It's rated MEDIUM severity (CVSS 6.2) and affects versions 2.0–9.0.2.
If you are running VMware Aria Operations versions 2.0 through 9.0.2 and have vCenter access, you are potentially affected. Upgrade to 9.0.2 to mitigate the risk.
Apply the security patch released by VMware. Upgrade to version 9.0.2 or later. Refer to VMSA-2026-0001 for detailed instructions.
As of now, there are no publicly known active exploits. However, the potential for privilege escalation warrants proactive patching.
You can find the official advisory on the Broadcom Support website: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947