5.9
CVE-2026-22715
- EPSS 0.01%
- Veröffentlicht 26.02.2026 18:29:14
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
VMware Workstation/Fusion NAT vulnerability
VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerVMware
≫
Produkt
Workstation
Default Statusaffected
Version
17.0
Version <
25H2U1
Status
affected
Version
25H2U1
Status
unaffected
HerstellerVMware
≫
Produkt
Fusion
Default Statusaffected
Version
13.0
Version <
25H2U1
Status
affected
Version
25H2U1
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.014 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@vmware.com | 5.9 | 1.6 | 4.2 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
|
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.