Nodes in VMware Aria Automation are flagged by security scans as vulnerable to PID 304845, which includes CVE-2026-3479 (CVSS 9.1). Engineering investigation confirms that the vulnerability affects the Orchestrator component within the VMware Aria Automation environment.

VMware Aria Automation 8.18.1

A security flaw exists within the specific build of the Orchestrator service packaged with the release of VMware Aria Automation 8.18.1.

Upgrade to VMware Aria Automation Orchestrator 8.18.1 Update 5 (or later). The VMware Aria Automation 8.18.1 Cumulative Update #5 contains the engineered patch that resolves CVE-2026-3479.

For more information, refer to the VMware Aria Automation Release Notes.