VMware security advisory (AV26-162) – Update 1

Serial number: AV26-162
Date: February 24, 2026
Updated: March 3, 2026

On February 24, 2026, VMware published a security advisory to address vulnerabilities in the following products:

Update 1
On March 3, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-22719 to their Known Exploited Vulnerabilities (KEV) Database.

• VMware Cloud Foundation – versions prior to 9.0.2.0
• VMware vSphere Foundation – versions prior to 9.0.2.0
• VMware Aria Operations – versions prior to 8.18.6

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• VMSA-2026-0001: VMware Aria Operations updates address multiple vulnerabilities (CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721)
• Security Advisories - VMware Cloud Foundation
• CISA KEV: CVE-2026-22719