CVE-2026-22722

MEDIUM

VMware Workstation >=17.0 <25H2u1 - Authenticated Denial of Service via Null Pointer Dereference

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-22722. PoCs published by XiaomingX, D7EAD.

AI-analyzed exploit summary The repository contains only a README.md with links to advisories but no exploit code or technical details. It lacks any functional PoC, scanner, or writeup content.

Description

A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'

Exploits (2)

github STUB 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-22722

The repository contains only a README.md with links to advisories but no exploit code or technical details. It lacks any functional PoC, scanner, or writeup content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unspecified
No auth needed
devstral-2 · analyzed Mar 07, 2026 Full analysis →
nomisec STUB 1 stars
by D7EAD · poc
https://github.com/D7EAD/CVE-2026-22722

The repository contains only a README with links to advisories for CVE-2026-22722 but no exploit code or technical details. It serves as a placeholder without functional content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Mar 07, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 6.1
EPSS 0.0015
EPSS Percentile 4.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (2)
VMware/Workstation 17.0 - 25H2u1
VMware/Workstation 25H2u1
Published Feb 26, 2026
Tracked Since Feb 27, 2026