Is Telco Cloud Platform affected by CVE-2026-22721?

Organizations using VMware Aria Operations should be aware of moderate risk from CVE-2026-22721, a improper privilege management vulnerability rated CVSS 6.2. Attackers could gain access beyond their authorized level.

CVE-2026-22721

MEDIUM

2026-02-25 [email protected]

6.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch Released

Mar 04, 2026 - 15:54 nvd

Patch available

CVE Published

Feb 25, 2026 - 21:16 nvd

MEDIUM 6.2

Description

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

Analysis

Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +31

POC: 0

CVE-2026-22721 vulnerability details – vuln.today

Back

CVE-2026-22721

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-22721

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code