Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001.
Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, requiring user interaction to trigger the attack. Patches are available through VMSA-2026-0001.
VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment.
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. It is actively exploited in the wild (CISA KEV) and public exploit code is available.
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
VMware NSX Manager UI is vulnerable to stored cross-site scripting (XSS) attacks via improper input validation in user-controllable fields (CWE-79). An authenticated attacker with high privileges can inject malicious scripts that persist in the application and execute in the browsers of other users, potentially leading to session hijacking, credential theft, or unauthorized administrative actions. With a CVSS score of 7.5 and network-accessible attack vector, this vulnerability poses a moderate-to-high risk to NSX Manager deployments, particularly in multi-user environments.
VMware Cloud Foundation contains a missing authorisation vulnerability. Rated high severity (CVSS 7.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
VMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.
VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel.
VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host.
VMware Aria Operations contains an information disclosure vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
VMware Aria Operations for Logs contains a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
VMware Aria Operations for Logs contains an information disclosure vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.