Stored Cross-Site Scripting Vulnerabilities in VMware Cloud Foundation Operations
CVE-2026-41724

8HIGH

What is CVE-2026-41724?

VMware Cloud Foundation Operations is exposed to multiple stored cross-site scripting vulnerabilities. These vulnerabilities allow a malicious actor with sufficient privileges to create policies, views, or text-widgets to inject scripts. This unauthorized script execution can lead to significant security risks, including unauthorized administrative actions within the platform. Proper validation and sanitization processes must be implemented to mitigate such risks and protect against potential exploits.

Affected Version(s)

VCF operations 5.x <= 8.18.7

VMware Aria Operations 8.18.x <= 8.18.7

VMware Telco Cloud Platform 5.x <= 8.18.7

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.