VMware has released patches for several high- and medium-risk vulnerabilities that impact its Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products. The most serious of these flaws allows unauthenticated attackers to execute arbitrary commands on the underlying OS, while another gives authenticated users the ability to elevate to administrator privileges. The issues — CVE-2026-22719, CVE-2026-22720, and CVE-2026-22721 — were privately reported to Broadcom and there is no evidence of in-the-wild exploitation so far. However, critical Aria Operations vulnerabilities have been exploited in the past and enterprise virtualization infrastructure has been ...