Description
VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986
Scores
CVSS v3
5.9
EPSS
0.0001
EPSS Percentile
1.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-923
Status
published
Products (4)
VMware/Fusion
13.0 - 25H2U1
VMware/Fusion
25H2U1
VMware/Workstation
17.0 - 25H2U1
VMware/Workstation
25H2U1
Published
Feb 26, 2026
Tracked Since
Feb 27, 2026