CVE-2026-41722
Analyzed
Analyzed - Analysis Complete
Stored XSS in VMware Cloud Foundation Operations
Vulnerability report for CVE-2026-41722, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-08
Last updated on: 2026-06-16
Assigner: VMware
Description
Description
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vmware | cloud_foundation | From 9.0 (inc) to 9.0.2.0 (exc) |
| vmware | telco_cloud_platform | From 5.0 (inc) to 5.1 (inc) |
| vmware | aria_operations | From 8.0 (inc) to 8.18.7 (exc) |
| vmware | cloud_foundation | From 5.0 (inc) to 8.18.7 (exc) |
| vmware | cloud_foundation | 9.1 |
| vmware | vsphere | From 9.0 (inc) to 9.0.2.0 (exc) |
| vmware | vsphere | 9.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
