CVE-2026-22719 has direct impact to Aria Operations 8.18.x, and Aria Operations 9.0.x 

This vulnerability and its impact on the mentioned VMware products are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:

CVE-2026-22719  - VMSA-2026-0001

See the Change log at the end of this article for all changes and subscribe to the article for updates.

• Aria Operations version 8 up to and including 8.18.5
• Aria Operations version 9 up to and including 9.0.1

This issue is resolved in: 

• Aria Operations 8.18.6
• Aria Operations 9.0.2
• VCF 5.2.3
• VCF 9.0.2

Please note that it is not necessary to revert the workaround steps in this article before upgrading to a fixed release of Aria Operations

WORKAROUND

The workaround described in this document is meant to be a temporary solution only and is intended to ONLY address CVE-2026-22719.

IMPORTANT: Please note that this workaround DOES NOT mitigate CVE-2026-22720 and CVE-2026-22721 which are also mentioned in VMSA-2026-0001. To mitigate those you must upgrade to the latest version of Aria Operations listed above to address these CVE’s

Follow below steps to apply the workaround for CVE-2026-22719:

1. Download the attached aria-ops-rce-workaround.sh script
2. Copy the script to your Aria Operations Virtual Appliance Primary node
   scp aria-ops-rce-workaround.sh root@OPS_PRIMARY_NODE_FQDN_OR_IP:/root/
3. ssh root@OPS_PRIMARY_NODE_FQDN_OR_IP
4. cd /root/
5. chmod a+x ./aria-ops-rce-workaround.sh
6. ./aria-ops-rce-workaround.sh