CVE-2026-41723

Summary

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

Affected Software

VendorProductVersion RangeStatus
VMwareVCF operations9.1.x.x <= 9.1.0.0affected
VMwareVCF operations9.0.x.x <= 9.0.2.0 EP2affected
VMwareVCF operations5.x <= 8.18.7affected
VMwareVMware Aria Operations8.18.x <= 8.18.6affected
VMwareVMware Aria Operations8.18.x <= 8.18.7affected
VMwareVMware Telco Cloud Platform5.x <= 8.18.7affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References