5.9
CVE-2026-22715
- EPSS 0.03%
- Veröffentlicht 26.02.2026 18:29:14
- Zuletzt bearbeitet 27.02.2026 18:16:11
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerVMware
≫
Produkt
Workstation
Default Statusaffected
Version <
25H2U1
Version
17.0
Status
affected
Version
25H2U1
Status
unaffected
HerstellerVMware
≫
Produkt
Fusion
Default Statusaffected
Version <
25H2U1
Version
13.0
Status
affected
Version
25H2U1
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.094 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@vmware.com | 5.9 | 1.6 | 4.2 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
|
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.