Aria Operations
by VMware
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22719 | 0.12 | — | 0.17 | KEV | Feb 25, 2026 | VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. … | ||
| CVE-2025-41244 | 0.12 | — | 0.08 | KEV | Sep 29, 2025 | VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this… | ||
| CVE-2026-22721 | 0.00 | — | 0.01 | Feb 25, 2026 | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches… | |||
| CVE-2026-22720 | 0.00 | — | 0.00 | Feb 25, 2026 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches… |
- risk 0.12cvss —epss 0.17
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. …
- risk 0.12cvss —epss 0.08
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this…
- CVE-2026-22721Feb 25, 2026risk 0.00cvss —epss 0.01
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches…
- CVE-2026-22720Feb 25, 2026risk 0.00cvss —epss 0.00
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches…
Page 2 of 2