wid-sec-w-2026-1813 · Published 2026-06-08 · View on BSI CERT-Bund ↗

VMware Cloud Foundation Operations: Multiple Vulnerabilities allow Cross-Site Scripting

CVSS N/A NONE

Risk Summary

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in VMware Cloud Foundation, VMware Aria Operations und VMware vSphere ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, wodurch er möglicherweise administrative Aktionen ausführen kann.

CVEs (3)

CVE-2026-41722 CVE-2026-41723 CVE-2026-41724

Affected Vendors

VMware

Affected Products (12)

VMware · Aria Operations <8.18.7

VMware · Aria Operations 8.18.7

VMware · Aria Operations <8.18.6

VMware · Aria Operations 8.18.6

VMware · Cloud Foundation <9.1.0.0

VMware · Cloud Foundation 9.1.0.0

VMware · Cloud Foundation <9.0.2.0 EP2

VMware · Cloud Foundation 9.0.2.0 EP2

VMware · vSphere Foundation <9.1.0.0

VMware · vSphere Foundation 9.1.0.0

VMware · vSphere Foundation <9.0.2.0 EP2

VMware · vSphere Foundation 9.0.2.0 EP2

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more