CVE Catalog

CVE-2026-41723

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile - higher than 18% of all known CVEs

Summary

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions.

Risk Assessment

These vulnerabilities could lead to unauthorized access and data manipulation within VMware Cloud Foundation Operations, posing a significant security risk to the organization.

Recommendation

It is recommended to update VMware Cloud Foundation Operations to the latest version and review user permissions to limit the ability to inject scripts.

Original NVD description (English source)

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS