Multiple VMware Stored XSS Vulnerabilities Allow Attackers to
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities impacting VMware Cloud Foundation Operations and various related products. The company warns that authenticated...
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities impacting VMware Cloud Foundation Operations and various related products. The company warns that authenticated attackers could exploit these flaws by injecting malicious scripts, enabling them to perform administrative actions within affected environments.
Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the flaws were addressed in security advisory VMSA-2026-0004, published on June 8, 2026.
Each vulnerability carries a CVSSv3 base score of 8.0, placing the issues in the “Important” severity range. No workarounds are available, making patching the only viable remediation path.
VMware Stored XSS Vulnerabilities
According to the advisory, VMware Cloud Foundation Operations contains multiple stored cross-site scripting weaknesses introduced through improperly sanitized user-controlled input.
Stored XSS is particularly dangerous compared to reflected variants because the malicious payload is persisted server-side and executed whenever a victim loads the affected component, enabling repeatable attacks against multiple users.
The advisory outlines a clear attack path. A malicious actor holding privileges to create policies, views, or text-widgets could embed crafted scripts into these objects.
When rendered in the management interface, those scripts execute in the context of other users, potentially higher-privileged administrators, allowing the attacker to carry out administrative actions on their behalf.
While exploitation requires existing authenticated access with object-creation rights, the privilege escalation potential within an operations platform that oversees virtualized infrastructure makes the risk significant.
The vulnerabilities were privately reported to Broadcom by Alexis Bernazzani of Visa Inc. The advisory spans a broad set of Broadcom virtualization products, including VMware Aria Operations, VMware Cloud Foundation Operations, VMware Cloud Foundation, VMware vSphere Foundation, and VMware Telco Cloud Platform.
Broadcom has released patches and updates that organizations should apply according to the Response Matrix.
| Product | Component | Affected Version | CVEs Addressed | Fixed Version |
|---|---|---|---|---|
| VMware Cloud Foundation / vSphere Foundation | VMware Cloud Foundation Operations | 9.1.x.x | CVE-2026-41722, CVE-2026-41723 | 9.1.0.0 |
| VMware Cloud Foundation / vSphere Foundation | VMware Cloud Foundation Operations | 9.0.x.x | CVE-2026-41722, CVE-2026-41723 | 9.0.2.0 EP2 |
| VMware Aria Operations | N/A | 8.x | CVE-2026-41722, CVE-2026-41723 | 8.18.6 |
| VMware Aria Operations | N/A | 8.x | CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 | 8.18.7 |
| VMware Cloud Foundation | VMware Aria Operations | 5.x | CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 | 8.18.7 |
| VMware Telco Cloud Platform | VMware Aria Operations | 5.x | CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 | KB443138 |
Administrators should prioritize applying the listed fixed versions promptly, given the absence of any workaround.
Organizations are also advised to review role assignments and tighten permissions for creating policies, views, and text-widgets, limiting the pool of accounts capable of triggering these vulnerabilities while patches are rolled out.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.