CVE-2026-22722 is a vulnerability identified in VMware Workstation version 17.0 running on Windows-based hosts. The issue is classified as a CWE-476 NULL Pointer Dereference, which occurs when the software attempts to access or dereference a pointer that has a null value, leading to a crash or denial of service condition. An attacker with authenticated user privileges on the host system can trigger this flaw without requiring additional user interaction. The vulnerability does not expose sensitive data or allow privilege escalation but can cause the VMware Workstation application to crash, impacting availability. The CVSS v3.1 base score is 6.1, indicating a medium severity level, with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, meaning local attack vector, low attack complexity, requires privileges, no user interaction, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact. While no exploits have been reported in the wild, the vulnerability poses a risk to environments where VMware Workstation is used for virtualization on Windows hosts. VMware has released patches to address this issue, and users are advised to apply them promptly. The flaw highlights the importance of robust pointer handling in virtualization software to prevent denial of service conditions that could disrupt business operations.

The primary impact of CVE-2026-22722 is on the availability of VMware Workstation on affected Windows hosts. An authenticated user can cause the application to crash by triggering a null pointer dereference, resulting in denial of service. This could disrupt development, testing, or operational workflows that rely on VMware Workstation for virtualization. Although the vulnerability does not compromise confidentiality or allow privilege escalation, the loss of availability can lead to productivity losses and potential operational delays. Organizations with multiple users having authenticated access to workstations running VMware Workstation 17.0 are at increased risk of accidental or intentional disruption. In environments where VMware Workstation hosts critical virtual machines, this could impact business continuity. Since exploitation requires local authenticated access, remote attackers cannot exploit this vulnerability directly, limiting its scope. However, insider threats or compromised user accounts could leverage this flaw to cause disruption. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for timely patching.

To mitigate CVE-2026-22722, organizations should immediately apply the official patches provided by VMware as listed in their response matrix for VMware Workstation 17.0. Beyond patching, organizations should enforce strict access controls to limit authenticated user privileges on Windows hosts running VMware Workstation, minimizing the number of users who can trigger the vulnerability. Implementing endpoint monitoring to detect abnormal VMware Workstation crashes or service interruptions can help identify exploitation attempts or accidental triggers. Regularly auditing user accounts and their permissions on host systems will reduce the risk of insider threats exploiting this vulnerability. Additionally, organizations should educate users about the risks of causing application crashes and encourage reporting of any unusual workstation behavior. Maintaining up-to-date backups of virtual machines can help recover quickly from any disruption caused by denial of service. Finally, integrating VMware Workstation hosts into broader vulnerability management and patching workflows ensures timely updates and reduces exposure windows.