Threat Advisory

Broadcom VMware Vulnerabilities Enable Exploitation

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in VMware Cloud Foundation Operations, affecting products such as VMware Aria Operations and VMware Telco Cloud Platform. These products are susceptible to stored XSS vulnerabilities that allow malicious users to run unauthorized scripts within administrative dashboards, posing a significant business risk and a potential impact on corporate network security.

CVE-2026-41722 with a CVSS score of 8.0 – This vulnerability allows a malicious actor to inject scripts and perform administrative actions in VMware Cloud Foundation Operations by exploiting the ability to create policies, views, or text-widgets, enabling them to take control of corporate data profiles.

CVE-2026-41723 with a CVSS score of 8.0 – A malicious actor can exploit this vulnerability to inject scripts and perform administrative actions, similar to CVE-2026-41722, by leveraging their privileges to create policies, views, or text-widgets, thus gaining control over corporate data.

CVE-2026-41724 with a CVSS score of 8.0 – This vulnerability enables a malicious actor to inject scripts and perform administrative actions, posing a significant threat to corporate data security, by exploiting the same mechanism as the other two vulnerabilities.

The identified vulnerabilities pose a significant risk to businesses: malicious actors can exploit them to gain control over corporate data profiles, resulting in potential data breaches and security compromises. These can have severe consequences for organizations, including financial losses and reputational damage, so vulnerable systems need immediate attention and action to secure them.

RECOMMENDATION:

We recommend that you refer to the link below:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/vmware-stored-xss-bugs-patched/
