Introduction
Three stored cross-site scripting vulnerabilities disclosed simultaneously in VMware Cloud Foundation Operations reveal a systemic input sanitization failure in one of the most widely deployed enterprise virtualization management platforms. CVE-2026-41722, the lead CVE in advisory VMSA-2026-0004, allows an authenticated user with relatively modest privileges to plant persistent JavaScript payloads that execute whenever an administrator views the compromised resource, effectively enabling privilege escalation to full administrative control of the management plane.
This disclosure arrives just four months after CVE-2026-22719, a command injection flaw in the same product line, was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. The combination of proven adversary interest in VMware Aria/VCF Operations and a recurring pattern of stored XSS (this is the third round in 18 months) makes CVE-2026-41722 a priority for any organization running this management stack.
Technical Information
Root Cause: Insufficient Input Sanitization in Configurable UI Elements
CVE-2026-41722 is a stored cross-site scripting vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) per the NVD entry. The root cause is that VMware Cloud Foundation Operations does not adequately sanitize user-supplied input when users create or modify policies, views, or text-widgets within the management interface. These are configurable UI surfaces that accept user content and render it back to other users, including administrators, without proper encoding or escaping of embedded script content.
The CVSSv3.1 base score is 8.0 with vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The breakdown is significant:
| CVSS Component | Value | Implication |
|---|---|---|
| Attack Vector | Network | Exploitable remotely; no physical or adjacent network access needed |
| Attack Complexity | Low | No race conditions, specialized configurations, or timing dependencies |
| Privileges Required | Low | Any authenticated user with policy/view/widget creation rights |
| User Interaction | Required | An administrator must navigate to the page containing the payload |
| Scope | Unchanged | Impact stays within the VCF Operations component boundary |
| Confidentiality | High | Full information disclosure possible via session hijacking |
| Integrity | High | Arbitrary administrative modifications possible |
| Availability | High | Service disruption achievable through administrative actions |
Attack Flow
Based on the advisory details and vulnerability characteristics, the exploitation sequence proceeds as follows:
-
Initial Access: The attacker authenticates to VMware Cloud Foundation Operations with a low-privilege account that has permissions to create policies, views, or text-widgets. This could be a legitimate insider, a compromised service account, or an account obtained through credential theft.
-
Payload Injection: The attacker crafts a policy, view, or text-widget containing malicious JavaScript. Because the application does not sanitize the input, the script is stored persistently in the application's backend.
-
Trigger via User Interaction: When an administrator (or any other user with higher privileges) navigates to the page displaying the attacker's policy, view, or text-widget, the stored JavaScript executes in the administrator's browser session.
-
Administrative Action Execution: The injected script runs with the full privileges of the viewing administrator's session. This enables the attacker to perform arbitrary administrative actions within VCF Operations, including modifying configurations, accessing sensitive data, creating new administrative accounts, or disrupting service availability.
The persistence of stored XSS is what makes this particularly concerning compared to reflected XSS variants. The payload remains active until explicitly removed, meaning it can trigger against multiple administrators over an extended period without any further action from the attacker.
Batch Disclosure: Three Related CVEs
CVE-2026-41722 was not disclosed in isolation. VMSA-2026-0004 covers three stored XSS vulnerabilities, all sharing the same CVSS score of 8.0:
- CVE-2026-41722
- CVE-2026-41723
- CVE-2026-41724
The fact that three separate CVEs were assigned for what appears to be the same vulnerability class across different UI surfaces suggests that the input sanitization failure is not confined to a single code path. Rather, multiple independently developed UI components share the same lack of output encoding or input validation.
Systemic Pattern Across Advisory Cycles
This is not the first time stored XSS has been found in this product line. The table below illustrates the recurrence:
| CVE ID | Disclosure Date | Product Name | Injection Surface | CVSS |
|---|---|---|---|---|
| CVE-2025-22220 | January 2025 | VMware Aria Operations | Non-admin user context | Similar to 8.0 |
| CVE-2026-22720 | February 2026 | VMware Aria Operations | Custom benchmark creation | 8.0 |
| CVE-2026-41722 | June 2026 | VCF Operations | Policies, views, text-widgets | 8.0 |
| CVE-2026-41723 | June 2026 | VCF Operations | Related surface (same advisory) | 8.0 |
| CVE-2026-41724 | June 2026 | VCF Operations | Related surface (same advisory) | 8.0 |
Each advisory cycle addresses a different set of configurable UI elements, but the underlying vulnerability class remains identical. This pattern indicates that Broadcom's remediation approach has been to patch individual injection points rather than implementing a framework-level solution such as automatic output encoding across all rendered user content.
Affected Systems and Versions
Based on the Broadcom advisory (VMSA-2026-0004), the following products and versions are affected:
| Product | Affected Versions | Fixed Version |
|---|---|---|
| VMware Aria Operations | 8.x (prior to 8.18.7) | 8.18.7 (all three CVEs); 8.18.6 (partial, 2 of 3 CVEs) |
| VCF / vSphere Foundation | 9.1.x | 9.1.0.0 |
| VCF / vSphere Foundation | 9.0.x | 9.0.2.0 EP2 |
| VMware Cloud Foundation | 5.x | Per advisory guidance |
| VMware Telco Cloud Platform | 5.x | Per KB443138 |
Organizations running VMware Aria Operations should target version 8.18.7 specifically, as version 8.18.6 only addresses two of the three CVEs in this advisory. For VCF and vSphere Foundation deployments, the fixed versions are 9.1.0.0 for the 9.1.x branch and 9.0.2.0 EP2 for the 9.0.x branch.
Broadcom has explicitly confirmed that no workarounds are available for any of the three CVEs, making patch application the sole remediation path. Interim risk reduction measures include restricting who can create policies, views, and text-widgets to the minimum necessary set of administrators, monitoring audit logs for anomalous creation activity in these categories, and enforcing network segmentation around VCF Operations management interfaces.
Vendor Security History
The VMware Aria/VCF Operations product line has accumulated a notable track record of security advisories under Broadcom's stewardship. The following table summarizes recent advisories directly relevant to this product:
| Advisory | Date | CVEs | Severity | Vulnerability Types |
|---|---|---|---|---|
| VMSA-2025-0002 | January 30, 2025 | CVE-2025-22219, CVE-2025-22220 | High | Stored XSS, information disclosure |
| VMSA-2026-0001 | February 24, 2026 | CVE-2026-22719, CVE-2026-22720, CVE-2026-22721 | 8.1 / 8.0 | Command injection, stored XSS, privilege escalation |
| VMSA-2026-0004 | June 8, 2026 | CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 | 8.0 | Stored XSS |
The most consequential of these was CVE-2026-22719, a command injection vulnerability from VMSA-2026-0001 that was added to the CISA Known Exploited Vulnerabilities catalog in March 2026 after confirmed in-the-wild exploitation. Federal Civilian Executive Branch agencies were mandated to remediate by March 24, 2026.
The credit for discovering and reporting the VMSA-2026-0004 vulnerabilities goes to Alexis Bernazzani of Visa Inc., indicating responsible disclosure from a major financial services organization. This underscores that enterprises with significant security programs are actively auditing the VCF Operations attack surface and finding exploitable flaws.
VMware continues to hold the largest share of the on-premises virtualization market in 2026, with tens of thousands of enterprise accounts. However, Gartner estimates project VMware's market share declining from approximately 70% in 2024 to around 40% by 2029, driven by customer migration following the Broadcom acquisition. For organizations evaluating their long-term virtualization strategy, the recurring nature of these vulnerabilities in a critical management plane component is a relevant data point.
References
- NVD: CVE-2026-41722
- Broadcom Security Advisory VMSA-2026-0004
- Broadcom Security Advisory VMSA-2026-0001
- VMware Security Advisories Portal
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719
- Broadcom Fixes Critical VMware Stored XSS Bugs
- VMware Aria Operations Vulnerabilities May Lead to Remote Compromise
- CISA Known Exploited Vulnerabilities Catalog
- NVD: CVE-2026-22720
- NVD: CVE-2026-22719
- VMware Aria Operations Security Update (VMSA-2026-0001) Analysis
- VMware Market Share 2026: Real Numbers



