{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22717", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-01-09T06:54:36.841Z", "datePublished": "2026-02-27T19:11:54.924Z", "dateUpdated": "2026-02-27T20:14:10.400Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Workstation", "vendor": "VMware", "versions": [{"lessThan": "25H1U1", "status": "affected", "version": "25H2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.<br>"}], "value": "Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-02-27T19:11:54.924Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"}], "source": {"discovery": "UNKNOWN"}, "title": "VMware Workstation out-of-bound read vulnerability", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T20:14:05.072360Z", "id": "CVE-2026-22717", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T20:14:10.400Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22717", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T20:14:05.072360Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T20:13:42.776Z"}}], "cna": {"title": "VMware Workstation out-of-bound read vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "Workstation", "versions": [{"status": "affected", "version": "25H2", "lessThan": "25H1U1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-02-27T19:11:54.924Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22717", "state": "PUBLISHED", "dateUpdated": "2026-02-27T20:14:10.400Z", "dateReserved": "2026-01-09T06:54:36.841Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2026-02-27T19:11:54.924Z", "assignerShortName": "vmware"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed."}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de l\u00edmites en VMware Workstation 25H1 y versiones anteriores en cualquier plataforma permite a un actor con privilegios no administrativos en una m\u00e1quina virtual invitada obtener una revelaci\u00f3n de informaci\u00f3n limitada de la m\u00e1quina donde est\u00e1 instalado VMware Workstation."}], "id": "CVE-2026-22717", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-02-27T20:21:36.713", "references": [{"source": "security@vmware.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[25H2,25H1U1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Workstation", "source": "cna", "vendor": "VMware"}, "product": "workstation", "vendor": "vmware"}], "analysis": {"en": {"generated_at": "2026-04-16T15:22:24.815253+00:00", "value": {"mitigation_remediation": ["Upgrade VMware Workstation to version 26 or later, which contains the fix for the out\u2011of\u2011bound read.", "Limit guest virtual machine users to non\u2011administrative accounts to reduce the potential impact of local read exploits.", "Place VMware Workstation host systems in a segregated network segment and enforce strict access controls to prevent unauthorized local users from accessing host files."], "summary": {"action": "Patch", "impact": "Limited Information Disclosure from Host"}, "threat_synthesis": {"affected_systems": "VMware Workstation, all platforms, versions 25H1 and earlier.", "description_and_impact": "An out\u2011of\u2011bound read flaw exists in VMware Workstation versions 25H1 and earlier. The flaw allows a guest VM user with non\u2011administrative privileges to read memory beyond intended bounds in the host process, exposing a small amount of sensitive data from the host. This is a classic CWE\u2011125 overflow that can lead to limited disclosure of host\u2011side information but does not provide code execution or denial of service.", "risk_and_exploitability": "The vulnerability scores 2.7 on the CVSS scale, indicating only low to medium severity, and the EPSS score is below 1%, showing a very low probability of exploitation. It is not in the CISA Known Exploited Vulnerabilities catalog. The attack requires a local guest user running a virtual machine and does not need administrative or network privileges on the host. Because the disclosed data is limited, the overall risk to confidentiality is moderate and would normally be mitigated by preventing escalation of local guest privileges or by applying the vendor patch."}}}}, "created": "2026-03-02T12:05:12.614962+00:00", "updated": "2026-04-16T15:30:06.221821+00:00", "vendors": ["vmware", "vmware$PRODUCT$workstation"]}