If you haven't already, upgrade to Aria Operations 8.18.6 or 9.0.2 immediately. If a full patch isn't possible today, Broadcom has released an emergency shell script ( aria-ops-rce-workaround.sh ) as a temporary mitigation. 2. The Broadcom "Structural Reset" in 2026
CISA has added this to its Known Exploited Vulnerabilities (KEV) catalog, noting active exploitation in the wild. Search results for vmware (31)
Despite the friction, VMware is doubling down on . VCF 9.0 has integrated capabilities to run virtual machines, containers, and AI workloads side-by-side, which Broadcom argues justifies the premium pricing. For many organizations, 2026 is the year to decide whether to lean into this high-performance integrated stack or begin a multi-year migration to alternatives like Nutanix, KVM, or Proxmox. If you haven't already, upgrade to Aria Operations 8