Patch Aria Operations from 8.18.x to latest 8.18.6 in consideration to VMSA-2026-0001
Article ID: 430710
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
This article provides the prerequisites and general steps to upgrade VMware Aria Operations environments from 8.18.x to 8.18.6 to address the vulnerabilities detailed in VMSA-2026-0001.
These security updates mitigate an unauthenticated remote code execution risk (CVE-2026-22719) that can occur during product migrations.
Environment
VMware Aria Operations 8.18.x
Resolution
IMPORTANT Pre-Requisites:
- Backups and Snapshots: Ensure you have a current, valid backup. Take the cluster offline and take non-memory snapshots of all Aria Operations nodes (Primary, Replica, Data, Remote Collectors, Cloud Proxies) prior to starting. See the Aria Operations Snapshot Guide for the essential steps.
- Component Compatibility: If using Aria Suite Lifecycle (ASLCM), ensure ASLCM and Workspace ONE Access (vIDM) are updated to compatible patch levels before upgrading Aria Operations.
See CSP-102547 Patch Instructions for VMware Identity Manager 3.3.7 and VMware Aria Suite Lifecycle 8.18.0 Patch 6 and 7.
- Disk Space: Verify you have adequate disk space across your nodes to handle the
.pakextraction and upgrade process. - Method 1: Upgrading via Aria Suite Lifecycle (Recommended)
- Stage the Binary: Download the Aria Operations 8.18.6 upgrade package from the Broadcom Support Portal and transfer it to your ASLCM appliance (e.g., via SFTP to the
/datadirectory). In the ASLCM UI, navigate to Lifecycle Operations > Settings > Binary Mapping. Set the Source Location, click Discover, and then Add. - Initiate the Upgrade: Navigate to Environments and select View Details for your Aria Operations deployment. Click the Upgrade option and select the target version (8.18.6).
- Run Pre-checks and Execute: Run the Precheck Assessment (APUAT). Resolve any warnings regarding disk space, certificates, or cluster health. Once the precheck passes, proceed with the upgrade. ASLCM will sequentially update and reboot the nodes.
- Validation: Track the progress through the stages in the ASLCM request details page. Once finished, log into Aria Operations, check the About page to verify the 8.18.6 build, and ensure your adapters are actively collecting data.
- Stage the Binary: Download the Aria Operations 8.18.6 upgrade package from the Broadcom Support Portal and transfer it to your ASLCM appliance (e.g., via SFTP to the
- Method 2: Upgrading via the Aria Operations Admin UI (Manual)
- Take the Cluster Offline: Log into the Aria Operations Admin UI at
https://<master-node-IP>/admin. Click Take Cluster Offline, provide a reason when prompted, and wait for the cluster status to change to offline. - Upload and Install the Update: Navigate to the Software Update tab on the left menu and click Install a Software Update. Browse to upload the downloaded 8.18.6
.pakfile, accept the EULA, and start the installation. - Completion and Validation: The system will automatically log you out during the extraction and installation process. Once complete, log back into the Admin UI, verify the cluster has been brought back Online, and confirm the version displays as 8.18.6.
- Take the Cluster Offline: Log into the Aria Operations Admin UI at
If the upgrade process fails, please gather the support bundle for Aria Operations from when the patch failed and reach out to Broadcom Support.
Additional Information
Feedback
Yes
No
Powered by
