- 169/2026
- High
VMware has released a security update to fix several vulnerabilities in multiple VMware products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, create policies, views, or text widgets, and perform administrative actions on the affected products.
Sample of the addressed vulnerabilities:
VMware Cloud Foundation Operations Stored Cross-Site Scripting Vulnerability (CVE-2026-41722):
- CVSS: 8.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
The affected products:
- VMware Aria Operations.
- VMware Cloud Foundation Operations.
- VMware Cloud Foundation.
- VMware vSphere Foundation.
- VMware Telco Cloud Platform.
Vulnerabilities
- CVE-2026-41722
- CVE-2026-41723
- CVE-2026-41724
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.