CVE-2026-21985: VMware ESXi 7.x / 8.x

CVSS6 NVD 3.1

SeverityMEDIUM

ExploitationNo exploitation reported

Triage statusNo Known Exploit

ActionSchedule for next cycle

CVSS vectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected product

VMware ESXi 7.x / 8.x

Remediation Steps

Apply VMware patch VMSA-2026-0004 to all ESXi hosts.
If patching is not possible within 24 hours, disable OpenSLP service as temporary mitigation.
Scan ESXi host logs for indicators of compromise: unusual VM creation or encrypted VMDK files.
Verify backup integrity for all virtual machines on affected hosts.
Monitor network traffic from ESXi management interfaces for outbound connections to unknown IPs.

References

Coverage on defend.network

Vulnerability Priority Report – Week 3 of March 2026 (March 14–20)
VMware ESXi ransomware exploit; BlackSuit healthcare breach (2026-03-20)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Affected product

Remediation Steps

References

Coverage on defend.network

Get Critical CVE Alerts