• Security scanners or internal audits may flag the OS or kernel version running on NSX appliances as potentially vulnerable to CVE-2026-46333 (ssh-keysign-pwn).

VMware NSX

CVE-2026-46333 is a local privilege escalation vulnerability. It cannot be exploited remotely. To successfully trigger this exploit and elevate privileges to root, an attacker must already possess valid, authenticated local shell access to the targeted system.

No resolution/workaround is required as VMware NSX is not exploitable by CVE-2026-46333.

All security advisories for VCF software can be found at Security Advisories - VMware Cloud Foundation. From this page, products can be filtered to locate advisories specific to NSX.  

As a proactive defense-in-depth measure, a future release of VMware NSX will include an update to the latest kernel version containing the upstream security fix for CVE-2026-46333.

If specific vulnerabilities are discovered (CVEs), search the knowledge base for the CVE number to determine if NSX is affected. 

If it is unclear if NSX is affected, open a case with Broadcom support. For more information, see Creating and managing Broadcom support cases.