What is CVE-2026-22721?

CVE-2026-22721 is a medium-severity vulnerability in Vmware Aria Operations, classified under Improper Privilege Management. CVSS score: 6.2/10. Published 2026-02-25.

How severe is CVE-2026-22721?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Privilege escalation in Vmware Aria Operations

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To reme…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (9.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L.

Affected products

Vmware Aria Operations — versions 8.18.0, 8.18.6
Vmware Cloud Foundation — versions 4.0, 9.0, 5.2.3
Vmware Telco Cloud Infrastructure — versions 2.0, 5.2.3
Vmware Telco Cloud Platform — versions 4.0, 5.2.3

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

VMSA-2026-0001: VMware Aria Operations updates (includes CVE-2026-22721) (vendor-advisory)
VMware Aria Operations 8.18.6 Release Notes (resolves CVE-2026-22721) (release-notes)

Frequently asked questions

What is CVE-2026-22721?: CVE-2026-22721 is a medium-severity vulnerability in Vmware Aria Operations, classified under Improper Privilege Management. CVSS score: 6.2/10. Published 2026-02-25.
How severe is CVE-2026-22721?: Medium severity. CVSS v3 base score is 6.2 out of 10.