Ref# ADV2026_129 | Date: Mar 4th 2026

---

VMware published a security advisory highlighting vulnerabilities in the following products on February 24, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Update 1

On March 3, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-22719 to their Known Exploited Vulnerabilities (KEV) Database.

• VMware Cloud Foundation – versions prior to 9.0.2.0
• VMware vSphere Foundation – versions prior to 9.0.2.0
• VMware Aria Operations – versions prior to 8.18.6

For more information on these updates, you can follow these URLs:

• VMSA-2026-0001: VMware Aria Operations updates address multiple vulnerabilities (CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721)
• Security Advisories – VMware Cloud Foundation
• CISA KEV: CVE-2026-22719

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: VMware Security Advisory-Update 1

References

• VMware Security Advisory (March 3rd, 2026). Retrieved from VMware. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
• VMware Security Advisory. (March 3rd, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/vmware-security-advisory-av26-162