CVE-2026-41724
HighCVSS 8.0Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
Risk Assessment
These vulnerabilities could lead to unauthorized access and data manipulation within the system, posing a serious security threat to the organization.
Recommendation
It is recommended to update VMware Cloud Foundation Operations to the latest version and review user permissions to limit the ability to inject scripts.
Original NVD description (English source)
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

