Vmware

• CISA Says CVE-2026-22719 Is Being Exploited. Broadcom Says It Can't Confirm That. March 27, 2026

  CISA added a high-severity unauthenticated command injection flaw in VMware Aria Operations to its Known Exploited Vulnerabilities catalog on March 3. The federal patching deadline has passed. Broadcom acknowledges reports of exploitation but says it cannot independently confirm them.