{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-22715","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2026-01-09T06:54:36.840Z","datePublished":"2026-02-26T18:29:14.190Z","dateUpdated":"2026-02-27T17:55:10.640Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","packageName":"VMware Workstation","platforms":["Linux","Windows"],"product":"Workstation","vendor":"VMware","versions":[{"lessThan":"25H2U1","status":"affected","version":"17.0","versionType":"custom"},{"status":"unaffected","version":"25H2U1","versionType":"custom"}]},{"defaultStatus":"affected","packageName":"ProductB","platforms":["MacOS"],"product":"Fusion","vendor":"VMware","versions":[{"lessThan":"25H2U1","status":"affected","version":"13.0","versionType":"custom"},{"status":"unaffected","version":"25H2U1","versionType":"custom"}]}],"credits":[{"lang":"en","type":"reporter","value":"Broadcom would like to thank Ao Wang, Yuxiang Yang, Ke Xu, Xuewei Feng, Qi Li, and Xueying Li for reporting this issue to us."}],"datePublic":"2026-02-26T07:33:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>VMWare Workstation and Fusion contain a logic flaw in the management of network packets.&nbsp;</p><p>Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's.&nbsp;</p><p>Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1</p>"}],"value":"VMWare Workstation and Fusion contain a logic flaw in the management of network packets. \n\nKnown attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. \n\nResolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2026-02-26T18:36:41.929Z"},"references":[{"tags":["vendor-advisory"],"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>To remediate CVE-2026-22715 please upgrade to VMwate Workstation or Fusion Version 25H2U1</p>"}],"value":"To remediate CVE-2026-22715 please upgrade to VMwate Workstation or Fusion Version 25H2U1"}],"source":{"discovery":"UNKNOWN"},"title":"VMware Workstation/Fusion NAT vulnerability","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-923","lang":"en","description":"CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-27T17:55:05.951870Z","id":"CVE-2026-22715","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-27T17:55:10.640Z"}}]}}