
Insights from the Field
Security analysis, platform hardening strategies, and lessons learned from real-world assessments.


VMSA-2026-0001 Evaluating Risk in VMware Aria Operations
Introduction: VMSA-2026-0001 addresses three vulnerabilities identified as CVE-2026-22719, CVE-2026-22720, and CVE-2026-22721. The advisory applies to VMware Aria Operations, a platform commonly integrated directly into vCenter environments for monitoring, analytics, and operational visibility. Aria Operations maintains authenticated connections to vCenter, collects configuration and performance data from ESXi hosts, and often integrates with Active Directory or other external

Demetrios Mustakas Jr.
Feb 24


VMSA-2024-0012 Revisited: Why vCenter Exposure Still Matters in 2026
Introduction: VMSA-2024-0012 is not a new advisory. It was originally published in 2024 and, at the time, clearly communicated the severity of the underlying issues. Many organizations reviewed it, assessed impact, and made decisions based on their patching cycles, operational constraints, or perceived exposure. What has changed is not the technical nature of the vulnerabilities, but the context in which they now exist. In January 2026, Broadcom updated the advisory to confir

Demetrios Mustakas Jr.
Jan 26


First-Ever ESXi Host Escape at Pwn2Own: What You Need to Know
Special recognition to Lee Scites, who collaborated on this article. Introduction: For the first time in Pwn2Own history, a researcher successfully compromised a VMware ESXi host, the very foundation of many enterprise virtualization environments. This occurred at Pwn2Own Berlin 2025, where Nguyen Hoang Thach of STARLabs SG leveraged a zero-day integer overflow vulnerability to execute code on the ESXi hypervisor from a guest VM. This isn’t just a competition milestone; it’s a wa

Demetrios Mustakas Jr.
May 21, 2025
