CVE-2026-41722

🗓️ 08 Jun 2026 07:05:31Reported by vmwareType

Stored cross-site scripting flaws in VMware Cloud Foundation Operations enable privileged users to inject scripts and perform admin actions.

Reporter	Title	Published	Views	Family All 7
ATTACKERKB	CVE-2026-41722	8 Jun 202607:05	–	attackerkb
Circl	CVE-2026-41722	8 Jun 202610:00	–	circl
Cvelist	CVE-2026-41722 VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)	8 Jun 202607:05	–	cvelist
EUVD	EUVD-2026-35030	8 Jun 202607:05	–	euvd
NVD	CVE-2026-41722	8 Jun 202609:16	–	nvd
Positive Technologies	PT-2026-47259	8 Jun 202600:00	–	ptsecurity
VMware	VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)	8 Jun 202600:00	–	vmware

[
  {
    "vendor": "VMware",
    "product": "VCF operations",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.x.x",
        "lessThanOrEqual": "9.1.0.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.0.x.x",
        "lessThanOrEqual": "9.0.2.0 EP2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "5.x",
        "lessThanOrEqual": "8.18.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "VMware",
    "product": "VMware Aria Operations",
    "versions": [
      {
        "status": "affected",
        "version": "8.18.x",
        "lessThanOrEqual": "8.18.6",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.18.x",
        "lessThanOrEqual": "8.18.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "VMware",
    "product": "VMware Telco Cloud Platform",
    "versions": [
      {
        "status": "affected",
        "version": "5.x",
        "lessThanOrEqual": "8.18.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
support	www.support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513

08 Jun 2026 09:16Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.18

SSVC