Broadcom has released patches for several vulnerabilities in VMware Aria Operations, including a critical command injection flaw (CVE-2026-22719) that can be exploited by unauthenticated attackers for remote code execution, as well as other high-severity issues like a stored XSS flaw (CVE-2026-22720).
Patch VMware Aria Operations urgently: the high-severity command injection vulnerability (CVE-2026-22719) can allow unauthenticated remote code execution. Security teams should prioritize updating to version 9.0.2.0 of VMware Cloud Foundation and VMware vSphere Foundation, and to version 8.18.6 of Aria Operations, to mitigate the risk of exploitation, especially given Broadcom's history of not initially disclosing in-the-wild exploitation.