Multiple OpenSSH vulnerabilities have been reported that impact the security of the VMware Aria Automation appliance. These include risks of remote code execution, command injection, and privilege escalation.

The specific CVEs are:

• CVE-2026-35385

• CVE-2026-35386

• CVE-2026-35387

• CVE-2026-35388

• CVE-2026-35414

VMware Aria Automation

VMware by Broadcom is aware of these CVEs. This issue is tentatively planned to be fixed in VMware Aria Automation 8.18.1 P6.

Please refer to the release notes for existing and forthcoming product releases for any updates in relation to these CVEs.