Multiple vulnerabilities in VMware Aria Operations were privately reported to Broadcom. Patches and workarounds are available to remediate or workaround this vulnerability in affected Broadcom products.
Here the Link to the Threat Center: Support Content Notification - Support Portal - Broadcom support portal
3a. VMware Aria Operations command injection vulnerability (CVE-2026-22719)
Description:
VMware Aria Operations contains a command injection vulnerability. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.
3b. VMware Aria Operations stored cross site scripting vulnerability (CVE-2026-22720)
Description:
VMware Aria Operations contains a stored cross-site scripting vulnerability. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.
3c. VMware Aria Operations privilege escalation vulnerability (CVE-2026-22721)
Description:
VMware Aria Operations contains a privilege escalation vulnerability. Broadcom has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.2.
