VYPR

Aria Operations

by VMware

CVEs (24)

  • CVE-2026-22719KEVFeb 25, 2026
    risk 0.12cvss epss 0.17

    VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.  …

  • CVE-2025-41244KEVSep 29, 2025
    risk 0.12cvss epss 0.08

    VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this…

  • CVE-2026-22721Feb 25, 2026
    risk 0.00cvss epss 0.01

    VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches…

  • CVE-2026-22720Feb 25, 2026
    risk 0.00cvss epss 0.00

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.  To remediate CVE-2026-22720, apply the patches…

Page 2 of 2