VMware Aria Operations CVE-2026-22719: Critical RCE Flaw Exploited in the Wild
A critical command injection vulnerability in VMware Aria Operations, tracked as CVE-2026-22719, has been confirmed as actively exploited in the wild, according to CISA and BleepingComputer. The flaw allows unauthenticated attackers to execute arbitrary commands on affected appliances, giving them full remote code execution without credentials. CISA added CVE-2026-22719 to its Known Exploited Vulnerabilities catalog on March 4, 2026, requiring federal agencies to patch within the standard remediation window.
Key Takeaways
- CVE-2026-22719 is a critical command injection flaw in VMware Aria Operations (formerly vRealize Operations) that allows unauthenticated RCE on affected appliances
- Actively exploited in the wild, as confirmed by its addition to the CISA KEV catalog on March 4, 2026; federal agencies are under BOD 22-01 patching obligations
- CVE-2026-21385, a second VMware-related vulnerability, was added to CISA's KEV catalog on the same day, March 4, 2026
Original source: BleepingComputer / CISA