Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products. An authenticated attacker could inject malicious scripts that perform administrative actions within the affected system.
Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the issues were addressed in security advisory VMSA-2026-0004, released on June 8, 2026.
VMware Stored XSS Vulnerabilities
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities caused by improper validation of user-supplied input.
Stored XSS is more dangerous than reflected XSS because the malicious payload is persisted on the server and executes every time a victim loads the affected component, so a single injection can repeatedly compromise many users, including administrators, without any further action by the attacker.
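The following is an added illustration, not code from VMware, Broadcom, or the advisory: a minimal model of a dashboard "text widget" store and its renderer, showing why a stored payload fires for every viewer and how output encoding neutralizes it. The widget store, the `saveWidget`/`renderWidget*` functions, and the payload are all constructed for the example and do not describe the product's real internals.

```javascript
// Added example (not VMware/Broadcom code). Models a shared widget store and
// two renderers: one that concatenates stored text into markup (vulnerable)
// and one that encodes it for the HTML element/attribute context (hardened).

// Escaper for text placed inside an element body or a double-quoted attribute.
// Other contexts (URLs, JavaScript, CSS) need their own encoders.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// In-memory "server side" store; every dashboard viewer reads the same record.
const widgetStore = new Map();

function saveWidget(id, author, body) {
  // Vulnerable pattern: the submitted body is persisted exactly as received.
  widgetStore.set(id, { author, body });
}

// Vulnerable renderer: stored values are spliced straight into the markup.
function renderWidgetUnsafe(id) {
  const w = widgetStore.get(id);
  return `<div class="text-widget" data-author="${w.author}">${w.body}</div>`;
}

// Hardened renderer: every untrusted value is encoded for where it lands.
function renderWidgetSafe(id) {
  const w = widgetStore.get(id);
  return `<div class="text-widget" data-author="${escapeHtml(w.author)}">` +
         `${escapeHtml(w.body)}</div>`;
}

// Crude marker used only to make the demonstration explicit: does the rendered
// markup still contain an executable <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed scenario: a low-privileged but authenticated user stores a
// payload once; each later viewer (here two admins) renders the same record.
const PAYLOAD = '<script>fetch("/api/admin/users",{method:"POST"})</script>';

function demo() {
  saveWidget('w1', 'low-priv-user', PAYLOAD);
  const viewers = ['admin-alice', 'admin-bob'];
  const unsafeViews = viewers.map(() => renderWidgetUnsafe('w1'));
  const unsafeHits = unsafeViews.filter(containsScriptTag).length; // one hit per viewer
  const safe = renderWidgetSafe('w1');
  return { unsafeHits, safeHasScript: containsScriptTag(safe), safe };
}

console.log(demo());
```

The point of the two-viewer loop is the "stored" property: nothing is re-injected between renders, yet every admin who opens the dashboard receives the script. Encoding at output time, per context, is what breaks that chain; input filtering alone is not a substitute.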
The flaws were reported privately to Broadcom by Alexis Bernazzani of Visa Inc. The advisory covers several Broadcom virtualization products, including VMware Aria Operations, VMware Cloud Foundation Operations, VMware Cloud Foundation, VMware vSphere Foundation, and VMware Telco Cloud Platform. Broadcom has released patches and updates, which organizations should apply according to the Response Matrix.
| Product | Component | Affected Version | CVEs Addressed | Fixed Version |
|---|---|---|---|---|
| VMware Cloud Foundation / vSphere Foundation | VMware Cloud Foundation Operations | 9.1.x.x | CVE-2026-41722, CVE-2026-41723 | 9.1.0.0 |
| VMware Cloud Foundation / vSphere Foundation | VMware Cloud Foundation Operations | 9.0.x.x | CVE-2026-41722, CVE-2026-41723 | 9.0.2.0 EP2 |
| VMware Aria Operations | N/A | 8.x | CVE-2026-41722, CVE-2026-41723 | 8.18.6 |
| VMware Aria Operations | N/A | 8.x | CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 | 8.18.7 |
| VMware Cloud Foundation | VMware Aria Operations | 5.x | CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 | 8.18.7 |
| VMware Telco Cloud Platform | VMware Aria Operations | 5.x | CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 | KB443138 |
Administrators should prioritize applying the listed fixed versions promptly, since no workaround is available.
In the meantime, organizations should review role assignments and restrict the permissions required to create policies, views, and text widgets to a small set of trusted accounts. This limits the number of users who could plant a malicious payload while patches are being rolled out.
