{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22716", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-01-09T06:54:36.840Z", "datePublished": "2026-02-27T19:01:44.248Z", "dateUpdated": "2026-02-27T19:19:19.576Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Workstation", "vendor": "VMware", "versions": [{"lessThan": "25H2U1", "status": "affected", "version": "25H2", "versionType": "custom"}]}], "datePublic": "2026-02-26T22:26:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Out-of-bound write vulnerability </span>in VMware Workstation 25H1 and below on any platform allows an <span style=\"background-color: rgb(255, 255, 255);\">actor with non-administrative privileges on a guest VM </span>to terminate certain&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Workstation processes.</span><p></p>"}], "value": "Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain\u00a0Workstation processes."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-02-27T19:19:19.576Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"}], "source": {"discovery": "UNKNOWN"}, "title": "VMware Workstation out-of-bounds write vulnerability", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T19:13:38.437019Z", "id": "CVE-2026-22716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T19:13:59.340Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T19:13:38.437019Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T19:13:53.197Z"}}], "cna": {"title": "VMware Workstation out-of-bounds write vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "Workstation", "versions": [{"status": "affected", "version": "25H2", "lessThan": "25H2U1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-26T22:26:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain\u00a0Workstation processes.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Out-of-bound write vulnerability </span>in VMware Workstation 25H1 and below on any platform allows an <span style=\"background-color: rgb(255, 255, 255);\">actor with non-administrative privileges on a guest VM </span>to terminate certain&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Workstation processes.</span><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-02-27T19:19:19.576Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22716", "state": "PUBLISHED", "dateUpdated": "2026-02-27T19:19:19.576Z", "dateReserved": "2026-01-09T06:54:36.840Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2026-02-27T19:01:44.248Z", "assignerShortName": "vmware"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain\u00a0Workstation processes."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de l\u00edmites en VMware Workstation 25H1 y versiones anteriores en cualquier plataforma permite a un actor con privilegios no administrativos en una VM invitada terminar ciertos procesos de Workstation."}], "id": "CVE-2026-22716", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-02-27T19:16:07.200", "references": [{"source": "security@vmware.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[25H2,25H2U1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Workstation", "source": "cna", "vendor": "VMware"}, "product": "workstation", "vendor": "vmware"}], "analysis": {"en": {"generated_at": "2026-04-16T15:22:52.220995+00:00", "value": {"mitigation_remediation": ["Upgrade VMware Workstation to version 25H2 or later, which contains a mitigation for the buffer overrun.", "Apply the official vendor patch or installation update released after the advisory publication.", "Enforce strict least\u2011privilege policies inside guest operating systems so that ordinary users cannot execute code that could trigger the vulnerability.", "Monitor Workstation process stability and log anomalies to detect unexpected terminations that could indicate exploitation attempts."], "summary": {"action": "Assess Impact", "impact": "Denial of Service (process termination)"}, "threat_synthesis": {"affected_systems": "VMware Workstation 25H1 and older on any supported operating system. Users of these versions are exposed to the flaw regardless of the host platform.", "description_and_impact": "An out\u2011of\u2011bounds write bug in VMware Workstation versions 25H1 and earlier lets a user with non\u2011administrative rights in a guest virtual machine cause the termination of certain Workstation processes, effectively denying service to the host. The weakness is a classic buffer overrun insufficiency (CWE\u2011787).", "risk_and_exploitability": "The vulnerability scores a moderate CVSS of 5.0 and has a very low likelihood of exploitation (EPSS < 1%). It is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no widely used exploit at this time. An attacker would need to be able to run unprivileged code inside the guest VM, then exploit the buffer overrun to trigger a write that leads to process termination on the host. Because the attack vector is local to the guest, the risk is confined to hosts where the attacker already has some presence in a guest machine."}}}}, "created": "2026-03-02T12:05:13.428486+00:00", "updated": "2026-04-16T15:30:06.222426+00:00", "vendors": ["vmware", "vmware$PRODUCT$workstation"]}