PatchSiren cyber security CVE debrief
CVE-2026-41723 VMware CVE debrief
CVE-2026-41723 is a HIGH severity vulnerability in VMware Cloud Foundation Operations. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. The vulnerability has a CVSS score of 8 and was first published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-41723).
- Vendor
- VMware
- Product
- VCF operations
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of VMware Cloud Foundation Operations should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is a stored cross-site scripting (XSS) issue in VMware Cloud Foundation Operations. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as possible.
- Restrict privileges to create policies, views or text-widgets to only trusted users.
- Monitor VMware Cloud Foundation Operations for suspicious activity.
Evidence notes
The CVE record was obtained from [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-41723) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-41723). Additional information can be found at [ref-4](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513).
Official resources
-
CVE-2026-41723 CVE record
CVE.org
-
CVE-2026-41723 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-41723 was first published on 2026-06-08T09:16:30.567Z and modified on 2026-06-09T13:16:36.260Z.