Skip to main content

VMware

Vendor security scorecard – 18 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 112
18
CVEs
1
Critical
10
High
1
KEV
0
PoC
8
Unpatched C/H
27.8%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
10
MEDIUM
6
LOW
1

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-22719 VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment. HIGH 8.1 7.4% 98
KEV
CVE-2026-20794 Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an CRITICAL 9.3 0.0% 47
No patch
CVE-2025-62623 A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting HIGH 8.8 0.0% 44
No patch
CVE-2025-62624 A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting HIGH 8.8 0.0% 44
No patch
CVE-2026-20751 Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow HIGH 8.3 0.0% 42
No patch
CVE-2026-20879 Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow HIGH 8.3 0.0% 42
No patch
CVE-2026-22720 Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, requiring user interaction to trigger the attack. Patches are available through VMSA-2026-0001. HIGH 8.0 0.1% 40
CVE-2026-41723 Stored cross-site scripting in VMware Cloud Foundation Operations (formerly Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject malicious scripts that execute in other users' browsers, including administrators. Affected products include VCF Operations 5.x through 9.1.x, VMware Aria Operations 8.18.x, and VMware Telco Cloud Platform 5.x. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. HIGH 8.0 0.1% 40
No patch
CVE-2026-41702 Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered. HIGH 7.8 0.0% 39
CVE-2026-53475 Credential interception in kubev2v assisted-migration-agent allows network-positioned attackers to harvest vCenter administrator credentials because the agent's vCenter client establishes TLS connections with certificate verification effectively disabled by default. The flaw, reported by Red Hat and tracked as EUVD-2026-36032, has no public exploit identified at time of analysis and an EPSS score of 0.01% (percentile 1%), but successful MITM exploitation yields full administrative access to the targeted vCenter. HIGH 7.4 0.0% 37
No patch
CVE-2025-62627 An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co HIGH 7.2 0.0% 36
No patch
CVE-2026-22721 Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001. MEDIUM 6.2 0.1% 31
CVE-2026-22715 VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. [CVSS 5.9 MEDIUM] MEDIUM 5.9 0.0% 30
No patch
CVE-2026-23215 The Linux kernel's VMware hypercall implementation improperly handles register state during mouse events, allowing local attackers with user privileges to trigger a denial of service through a kernel panic via crafted input to the vmmouse driver. The vulnerability stems from incomplete register preservation when the QEMU VMware mouse emulation clears the upper 32 bits of CPU registers containing kernel pointers. No patch is currently available for this medium-severity issue affecting Linux systems running on VMware or QEMU with vmmouse support. MEDIUM 5.5 0.0% 28
CVE-2026-41722 Stored cross-site scripting in VMware Cloud Foundation Operations (formerly VMware Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject scripts that execute in the browser context of other users, including administrators. The flaw spans VCF Operations 9.x, the legacy 5.x/Aria Operations 8.18.x line, and VMware Telco Cloud Platform 5.x, with a CVSS of 8.0 driven by high impact across confidentiality, integrity, and availability when a victim admin renders the malicious content. No public exploit identified at time of analysis and no EPSS or KEV signal is provided in the input. MEDIUM 5.4 0.1% 27
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy