Wednesday, March 4, 2026

CISA Adds VMware Vulnerability to KEV Catalog – 3-3-26

Yesterday CISA announced that it had added a command injection vulnerability in the VMware Aria Operations product to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The vulnerability had been previously disclosed by Broadcom. Broadcom updated that advisory yesterday, noting that: “Broadcom is aware of reports of potential exploitation of CVE-2026-22719 in the wild, but we cannot independently confirm their validity.”

CISA has directed federal agencies using the affected product to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of March 24th, 2026 has been established to accomplish those actions.
