CISA Adds Actively Exploited VMware vCenter Flaw to KEV Catalog
By Ravie Lakshmanan
January 24, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Broadcom's VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, CVE-2024-37079, is a heap overflow in the DCE/RPC protocol implementation that could allow a malicious actor with network access to vCenter Server to achieve remote code execution.
This flaw, along with another heap overflow (CVE-2024-37080), was discovered and reported by Chinese cybersecurity researchers Hao Zheng and Zibo Li. In a presentation at the Black Hat Asia security conference, they revealed that these vulnerabilities are part of a set of four issues found in the DCE/RPC service: three heap overflows and one privilege escalation. The other two vulnerabilities, CVE-2024-38812 and CVE-2024-38813, were patched by Broadcom in September 2024.
The researchers found that one of the heap overflow vulnerabilities could be chained with the privilege escalation vulnerability to achieve unauthorized remote root access to, and control over, ESXi. While the exact methods used to exploit CVE-2024-37079 are unknown, Broadcom has confirmed in-the-wild abuse of the vulnerability.
CISA's addition of this flaw to the KEV catalog highlights the importance of updating to the latest version of VMware vCenter Server by the February 13, 2026 remediation deadline to protect against active exploitation. The alert is also a reminder for organizations to stay vigilant and apply security patches promptly to prevent potential security breaches.