EXECUTIVE SUMMARY
VMware has disclosed multiple Stored Cross-Site Scripting (XSS) vulnerabilities in VMware Cloud Foundation Operations. An authenticated attacker with privileges to create policies, views, or text widgets can inject and store malicious JavaScript code within the platform. When an administrator or other privileged user accesses the affected content, the script executes in their browser context, potentially allowing the attacker to hijack sessions, steal authentication tokens, perform unauthorized administrative actions, modify configurations, and facilitate further compromise of the VMware-managed environment.
- CVE IDs: CVE-2026-41722, CVE-2026-41723, CVE-2026-41724
- CVSS Score: 8.0
- Threat Type: Stored Cross-Site Scripting (XSS) / Script Injection Vulnerabilities
- Active Region: Global
- Affected Sector: Enterprise Organizations, Corporate Environments, Managed Service Providers (MSPs), Telecommunications
- Affected Product: VMware Aria Operations, VMware Cloud Foundation Operations, VMware Cloud Foundation, VMware vSphere Foundation, VMware Telco Cloud Platform
- Severity: High
- Published Date: June 8, 2026
TECHNICAL DETAILS
This Stored Cross-Site Scripting (XSS) vulnerability can be exploited by injecting and storing malicious JavaScript within vulnerable dashboard components. The malicious script remains dormant until a targeted user, such as an administrator, accesses the affected policy, view, or widget. Upon execution, the script runs within the victim’s browser session, potentially allowing an attacker to hijack the session, steal authentication tokens, perform unauthorized administrative actions, modify configurations, and facilitate further compromise of the virtualization environment.
- Target: VMware deployments utilizing affected operations components, including VMware Telco Cloud Platform, VMware Aria Operations, VMware vSphere Foundation, and VMware Cloud Foundation
- Root Cause: Improper input validation/sanitization within components that handle user-supplied input in management interfaces
- Prerequisite For Exploitation: An attacker must possess privileges to create or modify policies, views, or text widgets within the platform. Exploitation……



