VMware Workstation/Fusion VM Network Packet Interception Flaw
CVE-2026-22715 Published on February 26, 2026
VMware Workstation/Fusion NAT vulnerability
VMWare Workstation and Fusion contain a logic flaw in the management of network packets.
Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's.
Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1
Vulnerability Analysis
Weakness Type
Improper Restriction of Communication Channel to Intended Endpoints
The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
Products Associated with CVE-2026-22715
stack.watch emails you whenever new vulnerabilities are published in VMware Workstation or VMware Fusion. Just hit a watch button to start following.
Affected Versions
VMware Workstation:- Version 17.0 and below 25H2U1 is affected.
- Version 25H2U1 is unaffected.
- Version 13.0 and below 25H2U1 is affected.
- Version 25H2U1 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.