CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html

ONE SENTENCE SUMMARY:

CISA added a critical VMware vCenter Server security flaw to its KEV catalog due to active exploitation evidence.

MAIN POINTS:

1. CISA listed VMware vCenter Server flaw CVE-2024-37079 as exploited.
2. The flaw allows remote code execution via DCE/RPC protocol heap overflow.
3. Broadcom patched CVE-2024-37079 and CVE-2024-37080 in June 2024.
4. QiAnXin LegendSec researchers identified four related vulnerabilities.
5. Two other flaws, CVE-2024-38812 and CVE-2024-38813, fixed in September 2024.
6. One vulnerability can be combined with privilege escalation for root access.
7. It’s unclear who exploits CVE-2024-37079 or the attack scale.
8. Broadcom confirmed in-the-wild abuse of CVE-2024-37079.
9. Agencies must update to the latest version by February 13, 2026.
10. Security flaw poses serious risks to vCenter Server environments.

TAKEAWAYS:

1. Keeping software updated is critical due to active exploitations.
2. Awareness of vulnerability details can mitigate potential risks.
3. Collaboration between companies and researchers improves security.
4. Rapid response to patches reduces exposure to threats.
5. Agencies should prioritize timely updates for optimal protection.