CVE-2026-22716 VMware Workstation out-of-bounds write vulnerability

Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes...

CVE-2026-22716

CVE-2026-22716 is addressed in VMware advisory VMSA-2026-0002. The issue is an out-of-bounds write in VMware Workstation, with a Moderate impact and a CVSSv3 up to 5.0. A malicious actor with non-administrative privileges on a guest VM can trigger the fault, potentially causing a crash of some Wo...

VMware Workstation 安全漏洞

VMware Workstation is a virtual machine software developed by the American company VMware. This software allows for the running of multiple virtual machines with different operating systems simultaneously. VMware Workstation 25H1 and earlier versions have a security vulnerability that stems from...

VMware Workstation 安全漏洞

VMware Workstation is a virtual machine software developed by the American company VMware. This software enables the creation of virtual machines that can run multiple different operating systems simultaneously. VMware Workstation 25H1 and earlier versions have a security vulnerability caused by...

CVE-2026-22719

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate...

CVE-2026-22715

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...

CVE-2026-22722 VMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash

A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'...

CVE-2026-22722 VMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash

A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'...

CVE-2026-22722

CVE-2026-22722 is confirmed in the VMware advisory VMSA-2026-0002 as a NULL pointer dereference vulnerability affecting VMware Workstation for Windows . The issue is rated as Moderate with a CVSSv3 base score up to 6.1 . Affected product: VMware Workstation for Windows; vulnerable component: the ...

CVE-2026-22715 VMware Workstation/Fusion NAT vulnerability

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...

CVE-2026-22715 VMware Workstation/Fusion NAT vulnerability

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...

CVE-2026-22715

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...

CVE-2026-22715

VMware Workstation and Fusion are affected by multiple CVEs (CVE-2026-22715, CVE-2026-22716, CVE-2026-22717, CVE-2026-22722) per VMSA-2026-0002. The issues include: CVE-2026-22715 — a logic flaw in management of network packets that could allow a malicious actor with guest-VM admin rights to inte...

PT-2026-22148

Name of the Vulnerable Software and Affected Versions Windows Workstation affected versions not specified Description A user with authenticated access on a Windows based Workstation host may cause a null pointer dereference error. Recommendations At the moment, there is no information about a new...

PT-2026-22147

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 25H1 and below Description An out-of-bound read issue exists in VMware Workstation. An attacker with non-administrative privileges on a guest virtual machine can potentially obtain limited information disclosure fro...

VMware Workstation 安全漏洞

VMware Workstation is a virtual machine software developed by the American company VMware. This software allows for the creation of virtual machines that can run multiple different operating systems simultaneously. VMware Workstation has a security vulnerability that can lead to a null pointer...

PT-2026-22146

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 25H1 and below Description A flaw exists in VMware Workstation that could allow a user with limited access within a guest virtual machine to disrupt the host system. Specifically, an out-of-bounds write issue can le...

VMware Workstation和VMware Fusion 安全漏洞

VMware Workstation and VMware Fusion are both products of the American company VMware. VMware Workstation is a virtual machine software that allows for the running of multiple different operating systems within a single virtual machine. VMware Fusion, on the other hand, is a virtual machine...

PT-2026-22145

Name of the Vulnerable Software and Affected Versions VMware Workstation and Fusion versions prior to 25H2U1 Description VMware Workstation and Fusion have a flaw in how network packets are managed. A malicious actor with administrative privileges on a Guest VM may be able to interrupt or interce...

EUVD-2026-8708

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate...