Product Releases
| VMware Aria Operations | 8.18.6 | 02/24 | Download | Release Notes |
| VMware ESXi | 8.0 u3i | 02/24 | Download | Release Notes |
| VMware Fusion | 25H2u1 | 02/26 | Download | Release Notes |
| VMware Workstation (Windows) | 25H2u1 | 02/26 | Download | Release Notes |
| VMware Workstation (Linux) | 25H2u1 | 02/26 | Download | Release Notes |
| Aria Suite Lifecycle | 8.18.0 PATCH 7 | 02/24 | Download | Release Notes |
Product Lifecycle
| Product | Version | EOS |
|---|---|---|
| VMware Cloud Director Object Storage Extension | 3.0 | 14.03.26 |
| VMware Telco Cloud Automation | 3.1.1 | 16.04.26 |
| VMware Telco Cloud Automation | 3.1 | 16.04.26 |
| VMware Fusion (for Intel-based and Apple silicon Macs) | 25H2 | 01.06.26 |
| VMware Workstation Player | 25H2 | 01.06.26 |
| VMware Workstation Pro (For Windows) | 25H2 | 01.06.26 |
| VMware Workstation Pro for Linux | 25H2 | 01.06.26 |
| VMware Tools | 11.3.0 | 17.06.26 |
| VMware Tools | 11.3.5 | 17.06.26 |
| VMware Cloud Director Object Storage Extension | 3.0.0.1 | 27.06.26 |
| VMware Cloud Director Object Storage Extension | 3.1 | 27.06.26 |
| VMware Cloud Director Object Storage Extension | 3.1.0.1 | 27.06.26 |
| VMware Cloud Director Object Storage Extension | 3.1.0.2 | 27.06.26 |
| VMware Aria Automation Config | 8.17.0 | 30.06.26 |
VMware Security Advisories
Full Overview
| [VMSA-2026-0002] VMware Workstation and Fusion updates address multiple vulnerabilities CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721 | CVSSv32.7 – 6.1 |
| Multiple vulnerabilities in VMware Workstation and Fusion were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in the affected Broadcom products. – VMware Workstation for Windows NULL Pointer Dereference vulnerability (CVE-2026-22722) – VMware Workstation/Fusion NAT vulnerability (CVE-2026-22715) – VMware Workstation out-of-bounds write vulnerability (CVE-2026-22716) – VMware Workstation out-of-bounds read vulnerability (CVE-2026-22717) | |
| Product | Version | CVE | Fixed Version | Workaround |
| Workstation | 17.x / 25H2 | CVE-2026-22715,CVE-2026-22716,CVE-2026-22717 | 25H2u1 | None |
| Workstation | 17.x / 25H2 | CVE-2026-22722 | 25H2u1 | None |
| Fusion | 13.x / 25H2 | CVE-2026-22715 | 25H2u1 | None |
| [VMSA-2026-0001] VMware Aria Operations updates address multiple vulnerabilities CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721 | CVSSv36.2 – 8.1 |
| Multiple vulnerabilities in VMware Aria Operations were privately reported to Broadcom. Updates and workarounds are available to remediate or workaround these vulnerabilities in affected Broadcom products. – Aria Operations command injection vulnerability (CVE-2026-22719) – Aria Operations stored cross site scripting vulnerability (CVE-2026-22720) – Aria Operations privilege escalation vulnerability (CVE-2026-22721) | |
| Product | Component | Version | CVE | Fixed Version | Workaround |
| VCF VVF | VCF Operations | 9.x.x.x | CVE-2026-22719 CVE-2026-22720 CVE-2026-22721 | 9.0.2.0 Release Notes Download (VCF) Download (VVF) | KB430349 (for *-22719) |
| Aria Ops | 8.x | CVE-2026-22719CVE-2026-22720 CVE-2026-22721 | 8.18.6 Release Notes Download | KB430349 (for *-22719) | |
| VCF | Aria Operations | 5.x 4.x | CVE-2026-22719CVE-2026-22720 CVE-2026-22721 | KB92148 | KB430349 (for *-22719) |
| Telco CloudPlatform | Aria Operations | 5.x4.x | CVE-2026-22719CVE-2026-22720 CVE-2026-22721 | KB428241 | KB430349 (for *-22719) |
| Telco CloudInfrastructure | Aria Operations | 3.x2.x | CVE-2026-22719CVE-2026-22720 CVE-2026-22721 | KB428241 | KB430349 (for *-22719) |
KB Articles
Some new and updated KB articles
| Subject | ID |
|---|---|
| NSX upgrade cancels automatically in VCF Operations 9.0.2 | 431174 |
| Logging in VCF 9 automation, an error page is displayed „An error occurred during login. Please, contact your administrator.“. | 431168 |
| VM with NVIDIA shared vGPU fails to boot when deployed by Aria Automation | 431163 |
| Virtual machines sporadically losing network connectivity | 430978 |
| Downloading and Installing open-vm-tools for Ubuntu 24.04 LTS | 430963 |
| Failed to auto-rotate the certificates for Spherelet- Alert on the ESXi hosts | 430958 |
| Not Able to Split Licenses Between Tenants in VCF Business Console | 430806 |
| Unable to upgrade Aria Operations 8.18.6 to VCF Operations 9.0, 9.0.1 or 9.0.2 from Aria Suite Lifecycle Manager | 430778 |
| Attempts to login to VCF Operations for Logs fail when using VCF Identity Broker SSO with error „Invalid redirect URL“ | 430739 |
| vCenter Upgrade from 8u3X to 9.0.X fails with at „VCENTER UPGRADE PRECHECK“ phase | 430729 |
| Different End Date Displayed After Splitting a VCF License in Business Services Console | 430716 |
| Pings are not passing over GRE tunnel | 430688 |
| Creating a workload domain by importing an existing vCenter fails with the error „Error in configuring VLAN backed transport node collections“ | 430661 |
| OVF export does not start in VMware Host Client | 430660 |
| Remove snapshot failed with One of the disks in this virtual machine is already in use by a virtual machine or by a snapshot. | 430652 |
| Password Rotation Option Missing for Management Components in VCF 9.0 Fleet Management | 430609 |
| Reconnecting Fleet Management with VCF operation fails with error „Internal server error“ | 430561 |
| NSX service account is disconnected in SDDC manager Password Management | 430558 |
| Workaround instructions to address CVE-2026-22719 in Aria Operations 8.18.x and 9.0.x | 430349 |
| RHEL 9.x High Availability (HA) Support on VMware ESXi 8.x | 430485 |
| VM snapshot consolidation takes significantly longer when LUN replication is enabled | 430368 |
| Microsoft Windows Failover Cluster validation reports a warning „Persistent Reservation command took longer than 3 seconds“ on virtual machines with shared RDMs | 430353 |
| False Positive Vulnerabilities (CVE-2021-47469, CVE-2021-3421, etc.) reported by security scanners against VMware NSX | 430317 |
OnSite Events
Incl. VMUG User/cons
| VMUG Connect – Amsterdam | March 17-19 | |
| VMUG Connect – Minneapolis | April 07-09 | |
| VMUG Connect – Toronto | May 12-14 | |
| VMUG Connect – Dallas | June 09-11 | |
| VMUG Connect – Orlando | October 20-22 | |
| Explore Las Vegas 2026 (Save the date) | week of August 31 | |
| Local VMUG Events Overview | ||
Podcast | Webinar | Blog Posts
Podcasts , Blogs and Webinars published last week
Blogpost
| VCF Operations for Logs 9.0: A New Era of Log Management for VMware Cloud Foundation ntpro.nl | Blogpost |
| With the release of VMware Cloud Foundation 9.0, Broadcom has taken a significant step forward in simplifying log management and troubleshooting for private cloud environments. VCF Operations for Logs 9.0 introduces a deeply integrated logging solution that brings log analytics directly into the VCF Operations interface — making life easier for NOC teams, SREs, IT administrators, and application teams alike. In this blog post, I’ll walk you through the key new features, architecture improvements, and what this means for your day-to-day operations. | |
| Using Harbor as an AI Model Registry VMware vSphere Kubernetes | Blogpost |
| In summary, the container ecosystem spent years building robust infrastructure for packaging, distributing, and deploying software artifacts. The OCI specification’s extensibility means that AI models can now leverage that same infrastructure with the same security, governance, and operational maturity. Harbor, as a CNCF-graduated registry, is particularly well-positioned for this role. Its multi-tenancy, RBAC, replication, and scanning capabilities address the security and compliance requirements that enterprise AI deployments demand. And because models are stored as standard OCI artifacts, the entire ecosystem of OCI-compatible tools—ORAS, KitOps, and more—work interchangeably. | |
| Applying Aria Suite Lifecycle Manager 8.18 Patch 7 brockpeterson.com | Blogpost |
| Aria Suite Lifecycle Manager 8.18 Patch 7 dropped last week, let’s apply it! Log into the Broadcom Support Portal and get it here. You will also need the preparation script provided here. Once both of these have been downloaded you can SCP them up to /data on your ASLCM VM. [..] | |
Podcast
| Procuring hardware for a vSAN based VCF infrastructure – featuring John Nicholson! Unexplored Territory #112 | Podcast |
| I’ve been on the Virtually Speaking podcast several times, so it was time to invite one of the hosts to the Unexplored Territory Podcast and discuss his favorite topic, hardware configurations, and the bill of materials! John Nicholson goes over all the ins and outs of procuring new hardware and talks about ordering components for existing hardware. We discuss NICs, Switches, Ready Node configurations, Emulated Ready Node configurations, NVMe devices, and much more. | |
| Identity Security for VMware Cloud Foundation Virtually Speaking Podcast | Youtube |
| In this episode of the Virtually Speaking Podcast, Pete Flecha and John Nicholson are joined by Lee Howard, Head of IAM Product Management at Broadcom, to break down Identity Security for VMware Cloud Foundation and why IAM, PAM, and zero trust access are critical for modern private cloud environments. As part of our VCF Advanced Services Series, this episode explores how identity security has evolved from simple Active Directory authentication and sticky-note passwords to: • Risk-based, context-aware access• Continuous verification and zero trust principles• Privileged Access Management (PAM) with credential vaulting and session recording• Protection for both human and machine identities• Kubernetes-based, cloud-native deployment inside VCF We discuss how modern IAM platforms leverage standards like SAML and OpenID Connect, how PAM enforces least-privilege access and credential rotation, and how behavioral signals help prevent insider threats and compromised accounts. | |
Webinar
| Modern Containers — Real Workloads. Real Numbers. VKS on VCF vs OpenShift — Beyond the Myths VCF Webinar Series | WebinarOnDemand |
| Myth busting: “Bare metal is always faster than virtualization” — and why that assumption can be costlyThe business case beyond benchmarks: team velocity, governance, onboarding speed, and operational costWhat VKS actually is: upstream CNCF conformant Kubernetes on demand inside vSphere and VCFHow to get started: vSphere 8 U3 with Supervisor / Workload ManagementEcosystem integrations: CNI, CSI, registry, CI/CD tooling, NSX micro segmentation, and AntreaRelease cadence: why being about 2 months behind upstream can be a featureThe broader VCF services story: VKS plus VM Service plus private AI servicesHow platform engineers keep existing pipelines — VKS is simply the API endpoint | |
| Beyond vSAN: Optimizing VCF with External Storage | Everpure VMUG | Webinar03/05/26 |
| VMware Cloud Foundation (VCF) provides a powerful, standardized platform for modern SDDCs—but many VMware administrators are left navigating new deployment models, storage choices, and operational tradeoffs. With VCF 9 expanding support for external storage, understanding how to design and operate VCF beyond vSAN is now a critical skill. In this session, we’ll take a technical, administrator-focused look at running VMware Cloud Foundation with Pure Storage FlashArray. We will move past the basics to explore how VCF fleets, instances, and workload domains consume principal and supplemental storage via Fibre Channel and NFS. | |
| VMUG Member Voices Series – Certification Edition VMUG | Webinar03/11/26 |
| Join us for the next VMUG Member Voices: Certification Edition, featuring an interactive discussion with VMUG Vice President, Justin Sider. This informal, peer-driven conversation creates space to ask questions, share experiences, and gain practical insights from fellow VMUG members. Whether you are just getting started or preparing for your next exam, you’ll leave feeling more informed, supported, and confident in your certification path. | |