CVE-2026-22722 is a vulnerability identified in VMware Workstation version 17.0 running on Windows hosts. The issue stems from a NULL pointer dereference (CWE-476) that occurs when an authenticated user with local privileges interacts with the VMware Workstation software. This flaw can cause the application or the host process to crash, resulting in a denial of service (DoS) condition. The vulnerability requires the attacker to have local authenticated access, meaning remote exploitation is not feasible without prior access. The CVSS v3.1 base score is 6.1, reflecting medium severity with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, indicating local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and high availability impact. Although no exploits are currently known in the wild, the vulnerability poses a risk to system stability and availability, especially in environments where multiple users share access to the host machine or where VMware Workstation is critical for operations. VMware has issued patches to address this issue, and affected users are advised to apply these updates promptly. The vulnerability does not expose sensitive data but can disrupt workflows and potentially cause data loss due to unexpected crashes.

The primary impact of CVE-2026-22722 is on system availability and integrity. An attacker with authenticated local access can cause VMware Workstation or the host process to crash, leading to denial of service. This can disrupt virtual machine operations, potentially causing data loss or interruption of critical services running inside VMs. Although confidentiality is not affected, the integrity of running virtual environments may be compromised due to abrupt termination. Organizations relying heavily on VMware Workstation for development, testing, or production virtualization on Windows hosts may experience operational downtime. The requirement for local authenticated access limits the attack surface but does not eliminate risk in multi-user or shared workstation environments. The absence of known exploits reduces immediate threat but patching is essential to prevent future exploitation. The vulnerability could also be leveraged as part of a multi-stage attack chain to escalate impact on affected systems.

To mitigate CVE-2026-22722, organizations should immediately apply the official patches provided by VMware for Workstation version 17.0 as listed in the vendor's response matrix. Beyond patching, restrict local user privileges on Windows hosts running VMware Workstation to trusted personnel only, minimizing the risk of malicious local actors. Implement strict access controls and monitoring on workstations to detect unusual activity that could indicate exploitation attempts. Employ application whitelisting and endpoint protection solutions to prevent unauthorized execution of malicious code. Regularly audit and update virtualization software to the latest versions to benefit from security fixes. Additionally, consider isolating critical VMware Workstation hosts from general user access and enforce strong authentication mechanisms. Maintain backups of virtual machines and host configurations to enable rapid recovery in case of disruption. Finally, educate users about the risks of local privilege misuse and enforce policies that limit unnecessary local access.