CVE-2026-22720

🗓️ 25 Feb 2026 19:33:14Reported by vmwareType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 21 Views

Stored cross-site scripting in VMware Aria lets users inject scripts; patch advised.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-22720	25 Feb 202619:33	–	attackerkb
Circl	CVE-2026-22720	24 Feb 202617:42	–	circl
CNNVD	VMware Aria Operations 安全漏洞	25 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-22720 VMware Aria Operations stored cross-site scripting vulnerability	25 Feb 202619:33	–	cvelist
EUVD	EUVD-2026-8709	25 Feb 202621:31	–	euvd
NCSC	Vulnerabilities fixed in VMware Aria Operations	4 Mar 202608:54	–	ncsc
NVD	CVE-2026-22720	25 Feb 202620:23	–	nvd
OSV	CVE-2026-22720	25 Feb 202620:23	–	osv
Positive Technologies	PT-2026-21685	24 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-22720	26 Feb 202622:34	–	redhatcve

NVD

Node

vmware aria_operationsRange8.0–8.18.6

vmware cloud_foundationRange4.0–5.2.3

vmware cloud_foundationRange9.0–9.0.2.0

vmware telco_cloud_infrastructureRange2.2–3.0

vmware telco_cloud_platformRange4.0–5.1

[
  {
    "vendor": "VMware",
    "product": "VMware Aria Operations",
    "packageName": "vmware-aria-operations",
    "versions": [
      {
        "status": "affected",
        "version": "8.18.0",
        "lessThan": "8.18.6",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "8.18.6"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "VMware",
    "product": "VMware Cloud Foundation Operations",
    "packageName": "VMware Cloud Foundation Operations",
    "versions": [
      {
        "status": "affected",
        "version": "4.x",
        "lessThan": "5.2.3",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.x.x",
        "lessThan": "9.0.2",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.x",
        "lessThan": "5.2.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "VMware",
    "product": "VMware Telco Cloud Platform",
    "packageName": "vmware-telco-cloud-platform",
    "versions": [
      {
        "status": "affected",
        "version": "4.0",
        "lessThan": "5.2.3",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.2.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "VMware",
    "product": "VMware Telco Cloud Infrastructure",
    "packageName": "vmware-telco-cloud-infrastructure",
    "versions": [
      {
        "status": "affected",
        "version": "2.0",
        "lessThan": "5.2.3",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.2.3"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
techdocs	www.techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
support	www.support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

17 Jun 2026 10:20Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.18 - 9

EPSS0.00411

SSVC

CWE-79