CVE-2026-22715

Summary

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. 

Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. 

Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1

Affected Software

VendorProductVersion RangeStatus
VMwareWorkstation17.0 < 25H2U1affected
VMwareWorkstation25H2U1unaffected
VMwareFusion13.0 < 25H2U1affected
VMwareFusion25H2U1unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References