CVE-2026-22719

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

2.1%

probability

This CVE has a 2.1% probability of being exploited in the next 30 days.

0% Top 84.3th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77 · Command Injection

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA-Advisories Mar 03, 2026

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

TheHackerNews Mar 04, 2026

VMware Aria Operations Vulnerability Exploited in the Wild

SecurityWeek Mar 04, 2026

CISA flags VMware Aria Operations RCE flaw as exploited in attacks

BleepingComputer Mar 03, 2026

Signal Intelligence

Confidenceⓘ

85%

EPSS 2.1%

Mentions 4

Last Seen Mar 04, 2026

CNA Information

Analyst Note

CVE-2026-22719 is confirmed as a zero-day: CISA officially added it to the KEV Catalog based on active exploitation evidence, multiple sources document in-the-wild exploitation of this VMware Aria Operations RCE vulnerability, and SecurityWeek explicitly states it was 'recently patched' while being exploited—indicating exploitation preceded or coincided with patch availability.

Triage Info

Decided atMar 05, 2026