VMware ESXi VM Escape Vulnerability: Patch CVE-2026-22972 Now
Critical VMware ESXi flaw lets attackers escape guest VMs and execute code on the hypervisor. If you run ESXi, this needs immediate patching.
Executive Summary
CVE-2026-22972 is a VM escape vulnerability. An attacker with admin privileges inside a guest can break out to the hypervisor and gain root access via a use-after-free in the virtual USB controller emulation.
Technical Analysis
Exploitation requires compromising a guest VM first, then leveraging USB controller operations to corrupt hypervisor memory. Affects ESXi 7.0 and 8.0.
Remediation
Patch ESXi immediately. Remove virtual USB controllers from VMs where not required. Prioritize hosts running mixed-trust or multi-tenant workloads.
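One way to inventory which VMs still carry a virtual USB controller, shown as an added example that is not part of the original advisory. It reads `.vmx` configuration text and reports the controllers each VM enables; the VMX key names are standard VMware settings not listed on this page, and the VM names and sample contents are constructed.

```python
import re
import sys
from pathlib import Path

# Standard VMX keys that enable a virtual USB controller (not listed on the page).
USB_CONTROLLER_KEYS = {
    "usb.present": "USB 1.1 (UHCI)",
    "ehci.present": "USB 2.0 (EHCI)",
    "usb_xhci.present": "USB 3.x (xHCI)",
}
_SETTING = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

# Constructed sample VMX contents, keyed by a hypothetical VM name.
SAMPLE_VMX = {
    "build-agent-01": 'displayName = "build-agent-01"\nusb.present = "TRUE"\nehci.present = "TRUE"\n',
    "db-01": 'displayName = "db-01"\nusb.present = "FALSE"\n',
    "kiosk-03": 'displayName = "kiosk-03"\nusb_xhci.present = "true"\n',
}

def parse_vmx(text):
    """Parse key = "value" lines into a dict; keys lower-cased, comments skipped."""
    settings = {}
    for line in text.splitlines():
        match = _SETTING.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def usb_controllers(vmx_text):
    """Return labels of the virtual USB controllers enabled in one VMX file."""
    settings = parse_vmx(vmx_text)
    return [label for key, label in USB_CONTROLLER_KEYS.items()
            if settings.get(key, "").strip().lower() == "true"]

def audit(vmx_by_name):
    """Map each VM that has at least one USB controller to its controller list."""
    findings = {name: usb_controllers(text) for name, text in vmx_by_name.items()}
    return {name: found for name, found in sorted(findings.items()) if found}

if __name__ == "__main__":
    # With a directory argument, scan exported .vmx files; otherwise use the sample.
    if len(sys.argv) > 1:
        files = Path(sys.argv[1]).rglob("*.vmx")
        inventory = {str(p): p.read_text(errors="replace") for p in files}
    else:
        inventory = SAMPLE_VMX
    for vm, controllers in audit(inventory).items():
        print(f"{vm}: {', '.join(controllers)} -> remove if not required")
```

Run it against a directory of `.vmx` files copied from the datastores to get a removal worklist, starting with hosts that run mixed-trust or multi-tenant workloads.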
References
- VMware Security Advisory
https://www.vmware.com/security/advisories/VMSA-2026-0007.html