VMware has disclosed three high-severity security vulnerabilities affecting VMware Cloud Foundation (VCF) Operations that could allow attackers to inject malicious scripts into management interfaces.
The vulnerabilities, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under security advisory VMSA-2026-0004 on June 8, 2026. The flaws carry a CVSS score of 8.0, highlighting the potential risk to enterprise environments running affected versions of VCF Operations.
Because these vulnerabilities involve stored cross-site scripting (XSS), attackers may be able to plant malicious code that executes whenever administrators access compromised sections of the platform.
How the Vulnerabilities Work
According to VMware, the flaws stem from improper handling of user-supplied input within VCF Operations management interfaces.
The platform fails to properly validate and sanitize certain data before displaying it to users. As a result, attackers can store malicious JavaScript code within the application. When an administrator or another privileged user later views the affected page, the malicious script automatically executes in their browser.
Unlike reflected XSS attacks, stored XSS remains embedded in the application until removed, increasing the chances of successful exploitation.
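The rendering mistake described above, shown as an added example that is not VMware's code: a constructed management-table renderer in its vulnerable and hardened forms, plus a heuristic check for reviewing already-stored fields. The record layout, field names and payloads are assumptions made for the illustration.

```python
# Added illustration of the stored-XSS pattern the advisory describes: a management
# UI renders attacker-controlled stored fields into HTML without output encoding.
# The record layout, field names and payloads are constructed for this example and
# are not VCF Operations' own code or data.
import html
import re
from urllib.parse import urlsplit

# Constructed stored records, as a backend might hand them to the UI layer.
# Two of them carry textbook payloads in fields that later reach an admin's browser.
STORED_OBJECTS = [
    {"name": "web-tier-01", "notes": "primary app host",
     "link": "https://wiki.example/web-tier"},
    {"name": "db-tier-02", "notes": "<script>alert(1)</script>",
     "link": "https://wiki.example/db"},
    {"name": "edge-03", "notes": '" onmouseover="alert(1)',
     "link": "javascript:alert(1)"},
]

def render_row_unsafe(obj):
    """The vulnerable shape: stored text is concatenated straight into markup."""
    return (f'<tr><td>{obj["name"]}</td>'
            f'<td title="{obj["notes"]}">{obj["notes"]}</td>'
            f'<td><a href="{obj["link"]}">docs</a></td></tr>')

def safe_href(url):
    """Escaping alone does not neutralise a javascript: URL, so allowlist the scheme."""
    return url if urlsplit(url).scheme.lower() in ("http", "https") else "#"

def render_row_safe(obj):
    """Hardened shape: HTML-escape every stored value for the context it lands in
    (quote=True also covers attribute values) and constrain URLs separately."""
    name = html.escape(obj["name"], quote=True)
    notes = html.escape(obj["notes"], quote=True)
    link = html.escape(safe_href(obj["link"]), quote=True)
    return (f'<tr><td>{name}</td>'
            f'<td title="{notes}">{notes}</td>'
            f'<td><a href="{link}">docs</a></td></tr>')

# Heuristic triage check for reviewing fields that were stored before patching:
# flags script tags, inline event handlers and javascript: URLs. It is a review
# aid for spotting planted content, not a substitute for output encoding.
_SUSPECT = re.compile(r"<\s*script|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)

def suspicious_fields(obj):
    """Return the names of stored fields that look like planted script content."""
    return [k for k, v in obj.items() if _SUSPECT.search(v)]
```

The hardened renderer encodes for the element and attribute contexts it writes into; the link column needs the scheme allowlist as well, because an encoded `javascript:` URL is still a working URL once the browser decodes the attribute.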
A successful attack could allow threat actors to:
- Hijack administrator sessions
- Steal authentication tokens
- Access sensitive information
- Modify configuration settings
- Perform unauthorized actions
- Maintain persistence within the environment
- Potentially move deeper into connected infrastructure
Why Organizations Should Take This Seriously
VCF Operations often serves as a central management platform for virtualization, cloud resources, and infrastructure operations. In many organizations, it integrates with other VMware services, including vCenter and cloud automation environments.
Because of this connectivity, a successful compromise could have broader consequences beyond a single application.
Security experts warn that attackers may attempt to combine these vulnerabilities with other weaknesses or misconfigurations to gain additional access and privileges across enterprise environments.
The risk is especially high in organizations where multiple administrators regularly access shared management consoles, as any authorized user visiting a compromised interface could unknowingly trigger the malicious code.
No Workarounds Available
VMware has confirmed that there are currently no workarounds for these vulnerabilities.
Organizations are strongly advised to install the latest security updates as soon as possible. Delaying remediation could increase the risk of exploitation, particularly if proof-of-concept code becomes publicly available.
Administrators should also consider the following security measures:
- Apply VMware security patches immediately
- Restrict access to VCF Operations interfaces
- Monitor logs for unusual activity
- Review administrator account permissions
- Watch for suspicious session behavior
- Investigate unexpected script execution events
- Strengthen overall access controls
While web application firewalls and browser security controls may provide limited protection, VMware emphasizes that these measures should not replace patching.
The disclosure of these vulnerabilities serves as another reminder that enterprise management platforms remain valuable targets for attackers. Securing these critical control systems is essential for protecting modern virtualized and cloud-based environments.