CVE-2026-22722

MEDIUM

Windows Workstation - DoS

Title source: llm

Description

A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'

Exploits (2)

github STUB 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-22722

View Code ZIP pw:eip

nomisec STUB 1 stars

by D7EAD · poc

https://github.com/D7EAD/CVE-2026-22722

View Code ZIP pw:eip

References (1)

[Various Sources] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986

Scores

CVSS v3 6.1

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE

CWE-476

Status published

Products (2)

VMware/Workstation 17.0 - 25H2u1

VMware/Workstation 25H2u1

Published Feb 26, 2026

Tracked Since Feb 27, 2026