Stored Cross-Site Scripting Vulnerabilities in VMware Cloud Foundation Operations
CVE-2026-41724
8HIGH
What is CVE-2026-41724?
VMware Cloud Foundation Operations is exposed to multiple stored cross-site scripting vulnerabilities. These vulnerabilities allow a malicious actor with sufficient privileges to create policies, views, or text-widgets to inject scripts. This unauthorized script execution can lead to significant security risks, including unauthorized administrative actions within the platform. Proper validation and sanitization processes must be implemented to mitigate such risks and protect against potential exploits.
Affected Version(s)
VCF operations 5.x <= 8.18.7
VMware Aria Operations 8.18.x <= 8.18.7
VMware Telco Cloud Platform 5.x <= 8.18.7