VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722,...

8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

Basic Information

ID CVE-2026-41722

Source vmware

Published Jun 8, 2026 at 07:05

Affected Product

Vendor VMware

Product VCF operations

Version 9.1.x.x

Affected Versions VMware VCF operations 9.1.x.x
VMware VCF operations 9.0.x.x
VMware VCF operations 5.x
VMware VMware Aria Operations 8.18.x
VMware VMware Aria Operations 8.18.x
VMware VMware Telco Cloud Platform 5.x

References

support.broadcom.com /web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513

{
    "lastseen": "",
    "description": "VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.",
    "published": "2026-06-08T07:05:31.333Z",
    "modified": "2026-06-08T07:05:31.333Z",
    "type": "cve",
    "title": "VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)",
    "source": "vmware",
    "references": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513",
    "id": "CVE-2026-41722",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "VMware VCF operations 9.1.x.x\nVMware VCF operations 9.0.x.x\nVMware VCF operations 5.x\nVMware VMware Aria Operations 8.18.x\nVMware VMware Aria Operations 8.18.x\nVMware VMware Telco Cloud Platform 5.x",
    "sourceHref": "",
    "cvss": {
        "score": 8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VCF operations",
    "version": "9.1.x.x",
    "vendor": "VMware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)_CVE-2026-41722

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply