CVE-2026-41722

HIGH

VMware Cloud Foundation Operations - Authenticated Stored Cross-Site Scripting

Title source: manual

Description

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

References (1)

Core 1

Core References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513

Scores

CVSS v3 8.0

EPSS 0.0027

EPSS Percentile 17.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (6)

VMware/VCF operations 5.x - 8.18.7

VMware/VCF operations 9.0.x.x - 9.0.2.0 EP2

VMware/VCF operations 9.1.x.x - 9.1.0.0

VMware/VMware Aria Operations 8.18.x - 8.18.6

VMware/VMware Aria Operations 8.18.x - 8.18.7

VMware/VMware Telco Cloud Platform 5.x - 8.18.7

Published Jun 08, 2026

Tracked Since Jun 08, 2026