VMware ESXi is listed in the Storm-1175 campaign via CVE-2026-1731, a 2026-dated identifier flagged in source material as reduced confidence pending independent corroboration and NVD publication. Organizations should monitor VMware/Broadcom security advisories directly for this CVE and apply patches as confirmed. ESXi exposure within a ransomware campaign context carries elevated risk due to the potential for mass VM encryption.