What is the CVSS score of CVE-2026-41723?

CVE-2026-41723 has a CVSS 3.1 base score of 8.0 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of VMware Cloud Foundation Operations are affected by CVE-2026-41723?

VMware Cloud Foundation Operations and Aria Operations (versions 5.x-9.1.x) contain a stored cross-site scripting vulnerability (CVSS 8.0) that allows authenticated users with administrative or…

How to fix or mitigate CVE-2026-41723?

Within 24 hours: Audit and document all accounts with policy, view, and text-widget creation privileges; immediately restrict these permissions to essential administrative accounts. Within 7 days: Implement input validation and output encoding on widget and policy creation functions; deploy Web Application Firewall rules to block script injection patterns. Within 30 days: Monitor VMware security advisories for patch availability; plan and test upgrade path to patched versions when released.

VMware Cloud Foundation Operations CVE-2026-41723

EUVD-2026-35031 HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-06-08 vmware

GHSA-wfp8-3hcq-xm45

XSS VMware Vcf Operations Vmware Aria Operations Vmware Telco Cloud Platform

8.0

CVSS 3.1 · Vendor: vmware

Severity by source

Vendor (vmware) PRIMARY

8.0 HIGH

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (vmware) · only source for this CVE.

CVSS VectorVendor: vmware

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 10:34 vuln.today

CVE Published

Jun 08, 2026 - 07:06 nvd

HIGH 8.0

DescriptionCVE.org

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

Articles & Coverage 1

News 3 New VMware Vulnerabilities - 3 High Severity Patched Jun 09, 2026

AnalysisAI

Stored cross-site scripting in VMware Cloud Foundation Operations (formerly Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject malicious scripts that execute in other users' browsers, including administrators. Affected products include VCF Operations 5.x through 9.1.x, VMware Aria Operations 8.18.x, and VMware Telco Cloud Platform 5.x. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as low-privilege operator

Delivery

Create policy/view/text-widget with stored JS payload

Exploit

Wait for admin to view object

Execution

Payload executes in admin browser session

Persist

Issue privileged API calls as admin

Impact

Persist access or alter platform configuration

Access

Authenticate as low-privilege operator

Delivery

Create policy/view/text-widget with stored JS payload

Exploit

Wait for admin to view object

Execution

Payload executes in admin browser session

Persist

Issue privileged API calls as admin

Impact

Persist access or alter platform configuration

Vulnerability AssessmentAI

Exploitation	Attacker must hold an authenticated account on VMware Cloud Foundation Operations (or Aria Operations / Telco Cloud Platform) with privileges to create or modify policies, custom views, or text widgets - these are not default unauthenticated endpoints. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) reflects a network-reachable attack with low complexity but requiring low-privileged authentication and user interaction - typical of a stored XSS where the victim must view the malicious object. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A low-privileged operator account - obtained via phishing, credential reuse, or insider access - is used to create a custom view, policy, or text widget containing a malicious JavaScript payload. When an administrator subsequently opens that object in the Operations UI, the script executes in the admin's authenticated session and silently issues API calls to modify policies, create accounts, or alter monitored infrastructure configurations. …
Remediation	Patch available per vendor advisory - consult Broadcom Security Advisory 37513 at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513 for the exact fixed builds applicable to your deployment (VCF Operations 5.x/9.0.x/9.1.x, Aria Operations 8.18.x, and Telco Cloud Platform 5.x). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit and document all accounts with policy, view, and text-widget creation privileges; immediately restrict these permissions to essential administrative accounts. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-41723 vulnerability details – vuln.today

Back

VMware Cloud Foundation Operations CVE-2026-41723

Severity by source

CVSS VectorVendor: vmware

Lifecycle Timeline

DescriptionCVE.org

Articles & Coverage 1

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code