VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)
CVE-2026-41722

8HIGH

Key Information:

Vendor: Vmware
Status: Vcf Operations; Vmware Aria Operations; Vmware Telco Cloud Platform
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-41722?

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

Affected Version(s)

VCF operations 9.1.x.x <= 9.1.0.0

VCF operations 9.0.x.x <= 9.0.2.0 EP2

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
Apr 22, 2026

CVE-2026-41722 Data

JSON

Vmware

What is CVE-2026-41722?

Affected Version(s)

References

CVSS V3.1

Timeline