Authenticated User Null Pointer Deref in VMware Workstation on Windows
CVE-2026-22722 Published on February 26, 2026
VMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash
A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Response Matrix'
Vulnerability Analysis
CVE-2026-22722 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2026-22722
Want to know whenever a new CVE is published for VMware Workstation? stack.watch will email you.
Affected Versions
VMware Workstation:- Version 17.0 and below 25H2u1 is affected.
- Version 25H2u1 is unaffected.