CISA Flags VMware vCenter RCE Flaw CVE-2024-37079 as Actively Exploited

TL;DR Summary
CISA added CVE-2024-37079, a critical heap-overflow flaw in Broadcom VMware vCenter Server, to the KEV catalog after evidence of active exploitation. Broadcom patched CVE-2024-37079 (and CVE-2024-37080) in June 2024, with researchers Hao Zheng and Zibo Li linking related DCE/RPC flaws. A Black Hat Asia 2025 presentation notes two additional CVEs (CVE-2024-38812 and CVE-2024-38813) that were patched later. Federal agencies must upgrade to the latest version by Feb 13, 2026 to stay protected.
- CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog (The Hacker News)
- Patch or die: VMware vCenter Server bug fixed in 2024 under attack today (theregister.com)
- CISA Warns of Critical VMware vCenter RCE Vulnerability Exploited in Attacks (CybersecurityNews)
- U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog (Security Affairs)
- CISA Lists Exploited VMware vCenter Vulnerability CVE-2024-37079 in KEV Catalog (filmogaz.com)