ZeroPath at Black Hat USA 2026

VMware Cloud Foundation Operations CVE-2026-41722: Overview of Stored XSS Enabling Administrative Takeover

A brief summary of CVE-2026-41722, a stored cross-site scripting vulnerability in VMware Cloud Foundation Operations that allows low privileged users to inject persistent scripts capable of executing administrative actions in the management interface.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-06-08

VMware Cloud Foundation Operations CVE-2026-41722: Overview of Stored XSS Enabling Administrative Takeover
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

Three stored cross-site scripting vulnerabilities disclosed simultaneously in VMware Cloud Foundation Operations reveal a systemic input sanitization failure in one of the most widely deployed enterprise virtualization management platforms. CVE-2026-41722, the lead CVE in advisory VMSA-2026-0004, allows an authenticated user with relatively modest privileges to plant persistent JavaScript payloads that execute whenever an administrator views the compromised resource, effectively enabling privilege escalation to full administrative control of the management plane.

This disclosure arrives just four months after CVE-2026-22719, a command injection flaw in the same product line, was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. The combination of proven adversary interest in VMware Aria/VCF Operations and a recurring pattern of stored XSS (this is the third round in 18 months) makes CVE-2026-41722 a priority for any organization running this management stack.

Technical Information

Root Cause: Insufficient Input Sanitization in Configurable UI Elements

CVE-2026-41722 is a stored cross-site scripting vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) per the NVD entry. The root cause is that VMware Cloud Foundation Operations does not adequately sanitize user-supplied input when users create or modify policies, views, or text-widgets within the management interface. These are configurable UI surfaces that accept user content and render it back to other users, including administrators, without proper encoding or escaping of embedded script content.

The CVSSv3.1 base score is 8.0 with vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The breakdown is significant:

CVSS ComponentValueImplication
Attack VectorNetworkExploitable remotely; no physical or adjacent network access needed
Attack ComplexityLowNo race conditions, specialized configurations, or timing dependencies
Privileges RequiredLowAny authenticated user with policy/view/widget creation rights
User InteractionRequiredAn administrator must navigate to the page containing the payload
ScopeUnchangedImpact stays within the VCF Operations component boundary
ConfidentialityHighFull information disclosure possible via session hijacking
IntegrityHighArbitrary administrative modifications possible
AvailabilityHighService disruption achievable through administrative actions

Attack Flow

Based on the advisory details and vulnerability characteristics, the exploitation sequence proceeds as follows:

  1. Initial Access: The attacker authenticates to VMware Cloud Foundation Operations with a low-privilege account that has permissions to create policies, views, or text-widgets. This could be a legitimate insider, a compromised service account, or an account obtained through credential theft.

  2. Payload Injection: The attacker crafts a policy, view, or text-widget containing malicious JavaScript. Because the application does not sanitize the input, the script is stored persistently in the application's backend.

  3. Trigger via User Interaction: When an administrator (or any other user with higher privileges) navigates to the page displaying the attacker's policy, view, or text-widget, the stored JavaScript executes in the administrator's browser session.

  4. Administrative Action Execution: The injected script runs with the full privileges of the viewing administrator's session. This enables the attacker to perform arbitrary administrative actions within VCF Operations, including modifying configurations, accessing sensitive data, creating new administrative accounts, or disrupting service availability.

The persistence of stored XSS is what makes this particularly concerning compared to reflected XSS variants. The payload remains active until explicitly removed, meaning it can trigger against multiple administrators over an extended period without any further action from the attacker.

CVE-2026-41722 was not disclosed in isolation. VMSA-2026-0004 covers three stored XSS vulnerabilities, all sharing the same CVSS score of 8.0:

  • CVE-2026-41722
  • CVE-2026-41723
  • CVE-2026-41724

The fact that three separate CVEs were assigned for what appears to be the same vulnerability class across different UI surfaces suggests that the input sanitization failure is not confined to a single code path. Rather, multiple independently developed UI components share the same lack of output encoding or input validation.

Systemic Pattern Across Advisory Cycles

This is not the first time stored XSS has been found in this product line. The table below illustrates the recurrence:

CVE IDDisclosure DateProduct NameInjection SurfaceCVSS
CVE-2025-22220January 2025VMware Aria OperationsNon-admin user contextSimilar to 8.0
CVE-2026-22720February 2026VMware Aria OperationsCustom benchmark creation8.0
CVE-2026-41722June 2026VCF OperationsPolicies, views, text-widgets8.0
CVE-2026-41723June 2026VCF OperationsRelated surface (same advisory)8.0
CVE-2026-41724June 2026VCF OperationsRelated surface (same advisory)8.0

Each advisory cycle addresses a different set of configurable UI elements, but the underlying vulnerability class remains identical. This pattern indicates that Broadcom's remediation approach has been to patch individual injection points rather than implementing a framework-level solution such as automatic output encoding across all rendered user content.

Affected Systems and Versions

Based on the Broadcom advisory (VMSA-2026-0004), the following products and versions are affected:

ProductAffected VersionsFixed Version
VMware Aria Operations8.x (prior to 8.18.7)8.18.7 (all three CVEs); 8.18.6 (partial, 2 of 3 CVEs)
VCF / vSphere Foundation9.1.x9.1.0.0
VCF / vSphere Foundation9.0.x9.0.2.0 EP2
VMware Cloud Foundation5.xPer advisory guidance
VMware Telco Cloud Platform5.xPer KB443138

Organizations running VMware Aria Operations should target version 8.18.7 specifically, as version 8.18.6 only addresses two of the three CVEs in this advisory. For VCF and vSphere Foundation deployments, the fixed versions are 9.1.0.0 for the 9.1.x branch and 9.0.2.0 EP2 for the 9.0.x branch.

Broadcom has explicitly confirmed that no workarounds are available for any of the three CVEs, making patch application the sole remediation path. Interim risk reduction measures include restricting who can create policies, views, and text-widgets to the minimum necessary set of administrators, monitoring audit logs for anomalous creation activity in these categories, and enforcing network segmentation around VCF Operations management interfaces.

Vendor Security History

The VMware Aria/VCF Operations product line has accumulated a notable track record of security advisories under Broadcom's stewardship. The following table summarizes recent advisories directly relevant to this product:

AdvisoryDateCVEsSeverityVulnerability Types
VMSA-2025-0002January 30, 2025CVE-2025-22219, CVE-2025-22220HighStored XSS, information disclosure
VMSA-2026-0001February 24, 2026CVE-2026-22719, CVE-2026-22720, CVE-2026-227218.1 / 8.0Command injection, stored XSS, privilege escalation
VMSA-2026-0004June 8, 2026CVE-2026-41722, CVE-2026-41723, CVE-2026-417248.0Stored XSS

The most consequential of these was CVE-2026-22719, a command injection vulnerability from VMSA-2026-0001 that was added to the CISA Known Exploited Vulnerabilities catalog in March 2026 after confirmed in-the-wild exploitation. Federal Civilian Executive Branch agencies were mandated to remediate by March 24, 2026.

The credit for discovering and reporting the VMSA-2026-0004 vulnerabilities goes to Alexis Bernazzani of Visa Inc., indicating responsible disclosure from a major financial services organization. This underscores that enterprises with significant security programs are actively auditing the VCF Operations attack surface and finding exploitable flaws.

VMware continues to hold the largest share of the on-premises virtualization market in 2026, with tens of thousands of enterprise accounts. However, Gartner estimates project VMware's market share declining from approximately 70% in 2024 to around 40% by 2029, driven by customer migration following the Broadcom acquisition. For organizations evaluating their long-term virtualization strategy, the recurring nature of these vulnerabilities in a critical management plane component is a relevant data point.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization