Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Severe vulnerabilities in VMware products, including VMware Aria Operations, could be exploited to achieve remote code execution and/or escalate privileges, Patch Immediately!
Image
Published : 25/02/2026
- Last update: 25/02/2026
- Affected software:
→ VMWare Aria Operations
→ VMware Cloud Foundation
→ VMware Telco Cloud Platform
→ VMware Telco Cloud Infrastructure- Type:
→ Remote Code Execution (RCE)
→ Privilege Escalation- CVE/CVSS
→ CVE-2026-22719: CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-22720: CVSS 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
→ CVE-2026-22721: CVSS 6.2 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L)
Sources
VMware Advisory - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
Risks
Broadcom released an advisory in February 2026 for three vulnerabilities affecting their cloud technology VMware Aria Operations, VMWare Cloud Foundation, VMWare Telco Cloud Platform and VMware Telco Cloud Infrastructure.
VMware is a popular technology that is often targeted by threat actors, including ransomware groups. While Broadcom does not report in the wild exploitation (cut-off date: 25 February 2026), it is likely that threat actors will attempt to exploit these vulnerabilities in order to gain access to cloud technology.
Description
CVE-2026-22719 is a command injection vulnerability. A remote, unauthenticated attacker may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.
For this particular vulnerability, there is both a fix and a workaround available (see “Recommended actions” below).
CVE-2026-22720 is a cross-scripting vulnerability. Successful exploitation would enable a malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.
There is no workaround for this vulnerability.
CVE-2026-22721 is a medium privilege escalation vulnerability. A threat actor with privileges in vCenter could exploit it to access Aria Operations and obtain administrative access in VMware Aria Operations.
There is no workaround for this vulnerability.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
To know which patch to apply based on product version, please refer to the Response Matrix: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
Please note there is a workaround available for CVE-2026-22719 only. This workaround does not mitigate CVE-2026-22720 and CVE-2026-22721: https://knowledge.broadcom.com/external/article/430349.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
VMware workaround instructions for CVE-2026-22719 - https://knowledge.broadcom.com/external/article/430349