PatchSiren cyber security CVE debrief
CVE-2026-41722 VMware CVE debrief
CVE-2026-41722 is a HIGH severity vulnerability in VMware Cloud Foundation Operations. A malicious actor with privileges to create policies, views, or text-widgets may be able to inject scripts to perform administrative actions.
- Vendor: VMware
- Product: VCF operations
- CVSS: HIGH 8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Administrators and users of VMware Cloud Foundation Operations should be aware of this vulnerability and take the necessary actions to mitigate it.
Technical summary
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views, or text-widgets may be able to inject scripts to perform administrative actions.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates as recommended by the vendor.
- Restrict privileges to create policies, views, or text-widgets to authorized users only.
- Monitor VMware Cloud Foundation Operations for suspicious activity.
Evidence notes
The CVE-2026-41722 vulnerability has a CVSS score of 8 and is classified as HIGH severity. The vulnerability was published on 2026-06-08T09:16:30.363Z and modified on 2026-06-09T13:16:36.127Z.
Official resources
- CVE-2026-41722 CVE record (CVE.org)
- CVE-2026-41722 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-41722 was published on 2026-06-08T09:16:30.363Z and modified on 2026-06-09T13:16:36.127Z.