CRITICALVulnerability
Verified
Global
Critical VMware ESXi Vulnerability Allows Guest-to-Host Escape
Tuesday, March 17, 2026 at 09:00 AM UTC·Source: Broadcom / Microsoft Threat Intelligence
Updated: Wednesday, March 18, 2026 at 03:00 PM UTC
Executive Summary
A critical use-after-free vulnerability in VMware ESXi allows virtual machine escape. Active exploitation by ransomware groups confirmed.
Analysis
CVE-2026-22224 is a use-after-free in VMware ESXi USB controller allowing guest-to-host escape. Ransomware operators are using it to compromise entire virtualization estates from a single compromised VM. Broadcom has released patches for ESXi 7.0, 8.0, and vCenter Server. Mass scanning detected.
Timeline
Discovered
Mar 5, 2026
Exploitation Detected
Mar 10, 2026
Published
Mar 17, 2026
Patch Available
Mar 17, 2026