- Description
- VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947https:// .
- Source
- security@vmware.com
- NVD status
- Analyzed
- Products
- aria_operations, cloud_foundation, telco_cloud_infrastructure, telco_cloud_platform
CVSS 3.1
- Type
- Primary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security@vmware.com
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6748CC5F-63A6-459A-A0B4-D12A149AD2DB",
"versionEndExcluding": "8.18.6",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16C87F30-12CA-43F5-9057-BBE32666A515",
"versionEndExcluding": "5.2.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11F5C577-620E-4BD7-9429-E2FDC70D6667",
"versionEndExcluding": "9.0.2.0",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904AA81A-D1C3-4DAF-BB2C-C51FEDF5B3F6",
"versionEndIncluding": "3.0",
"versionStartIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8AE269-DD3E-4A60-91C1-D5C1FEAF0CF4",
"versionEndIncluding": "5.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]