[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-22719":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T09:11:40.124Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":52,"aliases":53,"duplicate_of":9,"upstream":54,"downstream":55,"duplicates":56,"related":57,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":72,"kevs":96,"epss":107,"epss_history":110,"metrics":231,"affected":239},"CVE-2026-22719","VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. \n\nTo remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 \n\nWorkarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","weakness","Draft","Class","High",[20,24,28,32,36,40,44,48],{"id":21,"name":22,"techniques":23},"CAPEC-136","LDAP Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":33,"name":34,"techniques":35},"CAPEC-248","Command Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":41,"name":42,"techniques":43},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":45,"name":46,"techniques":47},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":49,"name":50,"techniques":51},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[],[],[],[],[],"2026-02-25T19:18:59.269Z","2026-03-04T04:55:10.596Z","Analyzed",{"cisa_kev":62,"cisa_ransomware":63,"cisa_vendor":64,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":60},true,false,"Broadcom","low",0.02066,"high",8.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[73,80,85,90],{"url":74,"sources":75,"tags":77},"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947",[70,76],"nvd",[78,79],"Vendor Advisory","Patch",{"url":81,"sources":82,"tags":83},"https://knowledge.broadcom.com/external/article/430349",[70,76],[84,78],"Mitigation",{"url":86,"sources":87,"tags":88},"https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html",[70,76],[89],"Release Notes",{"url":91,"sources":92,"tags":93},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22719",[70,76],[94,95],"Government Resource","US Government Resource",[97],{"source":98,"vendor":64,"product":99,"date_added":100,"vulnerability_name":101,"short_description":102,"required_action":103,"due_date":104,"known_ransomware_campaign_use":105,"notes":106,"exploitation_type":9},"cisa","VMware Aria Operations","2026-03-03","Broadcom VMware Aria Operations Command Injection Vulnerability","Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-03-24","Unknown","https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719",{"date":108,"score":66,"percentile":109},"2026-04-06",0.83889,[111,115,119,121,124,127,130,134,138,141,144,147,150,153,156,159,162,165,168,171,174,177,179,182,186,189,192,194,197,200,203,206,209,212,215,218,221,224,227,230],{"date":112,"score":113,"percentile":114},"2026-02-26",0.00336,0.55984,{"date":116,"score":117,"percentile":118},"2026-02-27",0.00333,0.55695,{"date":120,"score":117,"percentile":118},"2026-02-28",{"date":122,"score":117,"percentile":123},"2026-03-01",0.55818,{"date":125,"score":117,"percentile":126},"2026-03-02",0.55808,{"date":100,"score":128,"percentile":129},0.0047,0.643,{"date":131,"score":132,"percentile":133},"2026-03-04",0.10756,0.93203,{"date":135,"score":136,"percentile":137},"2026-03-05",0.07353,0.91552,{"date":139,"score":136,"percentile":140},"2026-03-06",0.91554,{"date":142,"score":136,"percentile":143},"2026-03-07",0.91558,{"date":145,"score":136,"percentile":146},"2026-03-08",0.91555,{"date":148,"score":136,"percentile":149},"2026-03-09",0.91553,{"date":151,"score":136,"percentile":152},"2026-03-10",0.91557,{"date":154,"score":136,"percentile":155},"2026-03-11",0.91569,{"date":157,"score":136,"percentile":158},"2026-03-12",0.91574,{"date":160,"score":136,"percentile":161},"2026-03-13",0.91577,{"date":163,"score":136,"percentile":164},"2026-03-14",0.9158,{"date":166,"score":136,"percentile":167},"2026-03-15",0.91582,{"date":169,"score":136,"percentile":170},"2026-03-16",0.9159,{"date":172,"score":136,"percentile":173},"2026-03-17",0.91602,{"date":175,"score":136,"percentile":176},"2026-03-18",0.91605,{"date":178,"score":136,"percentile":176},"2026-03-19",{"date":180,"score":136,"percentile":181},"2026-03-20",0.91615,{"date":183,"score":184,"percentile":185},"2026-03-21",0.01977,0.83425,{"date":187,"score":184,"percentile":188},"2026-03-22",0.8342,{"date":190,"score":184,"percentile":191},"2026-03-23",0.83421,{"date":104,"score":184,"percentile":193},0.83428,{"date":195,"score":184,"percentile":196},"2026-03-25",0.83447,{"date":198,"score":184,"percentile":199},"2026-03-26",0.83472,{"date":201,"score":184,"percentile":202},"2026-03-27",0.83479,{"date":204,"score":184,"percentile":205},"2026-03-28",0.83487,{"date":207,"score":66,"percentile":208},"2026-03-29",0.83846,{"date":210,"score":66,"percentile":211},"2026-03-30",0.83848,{"date":213,"score":66,"percentile":214},"2026-03-31",0.83855,{"date":216,"score":66,"percentile":217},"2026-04-01",0.83862,{"date":219,"score":66,"percentile":220},"2026-04-02",0.83876,{"date":222,"score":66,"percentile":223},"2026-04-03",0.83881,{"date":225,"score":66,"percentile":226},"2026-04-04",0.83892,{"date":228,"score":66,"percentile":229},"2026-04-05",0.83888,{"date":108,"score":66,"percentile":109},[232,237],{"source":70,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":233,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":234,"vectorString":71,"impactScore":235,"exploitabilityScore":236},"HIGH",9.8,5.6,{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":238,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":234,"vectorString":71,"impactScore":235,"exploitabilityScore":236},[240,256,268,277,288],{"ecosystem":9,"name":241,"vendor":242,"product":243,"cpe_part":244,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":245},"aria operations","vmware","aria_operations","a",[246,252],{"version":247,"is_range":62,"range_type":70,"version_start":248,"version_start_type":249,"version_end":250,"version_end_type":251,"fixed_in":9},">= 8.18.0, \u003C 8.18.6","8.18.0","including","8.18.6","excluding",{"version":253,"is_range":62,"range_type":254,"version_start":255,"version_start_type":249,"version_end":250,"version_end_type":251,"fixed_in":9},"gte8.0_lt8.18.6","cpe","8.0",{"ecosystem":9,"name":257,"vendor":242,"product":258,"cpe_part":244,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":259},"cloud foundation","cloud_foundation",[260,264],{"version":261,"is_range":62,"range_type":254,"version_start":262,"version_start_type":249,"version_end":263,"version_end_type":251,"fixed_in":9},"gte4.0_lt5.2.3","4.0","5.2.3",{"version":265,"is_range":62,"range_type":254,"version_start":266,"version_start_type":249,"version_end":267,"version_end_type":251,"fixed_in":9},"gte9.0_lt9.0.2.0","9.0","9.0.2.0",{"ecosystem":9,"name":269,"vendor":242,"product":270,"cpe_part":244,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":271},"Cloud Foundationcust","cloud foundationcust",[272,275],{"version":273,"is_range":62,"range_type":70,"version_start":266,"version_start_type":249,"version_end":274,"version_end_type":251,"fixed_in":9},">= 9.0, \u003C 9.0.2","9.0.2",{"version":276,"is_range":62,"range_type":70,"version_start":262,"version_start_type":249,"version_end":263,"version_end_type":251,"fixed_in":9},">= 4.0, \u003C 5.2.3",{"ecosystem":9,"name":278,"vendor":242,"product":279,"cpe_part":244,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":280},"telco cloud infrastructure","telco_cloud_infrastructure",[281,284],{"version":282,"is_range":62,"range_type":70,"version_start":283,"version_start_type":249,"version_end":263,"version_end_type":251,"fixed_in":9},">= 2.0, \u003C 5.2.3","2.0",{"version":285,"is_range":62,"range_type":254,"version_start":286,"version_start_type":249,"version_end":287,"version_end_type":249,"fixed_in":9},"gte2.2_lte3.0","2.2","3.0",{"ecosystem":9,"name":289,"vendor":242,"product":290,"cpe_part":244,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":291},"telco cloud platform","telco_cloud_platform",[292,293],{"version":282,"is_range":62,"range_type":70,"version_start":283,"version_start_type":249,"version_end":263,"version_end_type":251,"fixed_in":9},{"version":294,"is_range":62,"range_type":254,"version_start":262,"version_start_type":249,"version_end":295,"version_end_type":249,"fixed_in":9},"gte4.0_lte5.1","5.1"]