Vmware Cloud Foundation Operations vulnerabilities
2 known vulnerabilities affecting vmware/vmware_cloud_foundation_operations.
Total CVEs
2
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-22720CRITICALCVSS 9.0≥ 4.x, < 5.2.3≥ 9.x.x, < 9.0.22026-02-25
CVE-2026-22720 [CRITICAL] CWE-79 CVE-2026-22720: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.
To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026
cvelistv5nvd
CVE-2026-22719HIGHCVSS 8.1KEV≥ 9.0, < 9.0.2≥ 4.0, < 5.2.32026-02-25
CVE-2026-22719 [HIGH] CWE-77 CVE-2026-22719: VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.
To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version'
cvelistv5nvd