{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-22720","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2026-01-09T06:54:36.841Z","datePublished":"2026-02-25T19:33:14.729Z","dateUpdated":"2026-04-14T10:40:29.059Z"},"containers":{"cna":{"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2026-04-14T10:40:29.059Z"},"title":"VMware Aria Operations stored cross-site scripting vulnerability","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"CWE"}]}],"affected":[{"vendor":"VMware","product":"VMware Aria Operations","packageName":"vmware-aria-operations","versions":[{"status":"affected","version":"8.18.0","lessThan":"8.18.6","versionType":"custom"},{"status":"unaffected","version":"8.18.6"}],"defaultStatus":"affected"},{"vendor":"VMware","product":"VMware Cloud Foundation Operations","packageName":"VMware Cloud Foundation Operations","versions":[{"status":"affected","version":"4.x","lessThan":"5.2.3","versionType":"custom"},{"status":"affected","version":"9.x.x","lessThan":"9.0.2","versionType":"custom"},{"status":"unaffected","version":"5.x","lessThan":"5.2.3","versionType":"custom"}],"defaultStatus":"affected"},{"vendor":"VMware","product":"VMware Telco Cloud Platform","packageName":"vmware-telco-cloud-platform","versions":[{"status":"affected","version":"4.0","lessThan":"5.2.3","versionType":"custom"},{"status":"unaffected","version":"5.2.3","versionType":"custom"}],"defaultStatus":"affected"},{"vendor":"VMware","product":"VMware Telco Cloud Infrastructure","packageName":"vmware-telco-cloud-infrastructure","versions":[{"status":"affected","version":"2.0","lessThan":"5.2.3","versionType":"custom"},{"status":"unaffected","version":"5.2.3"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. \n\nTo remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947https:// .","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.&nbsp;</p><p>To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947https://\">VMSA-2026-0001</a>.</p>"}]}],"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947","name":"VMSA-2026-0001: VMware Aria Operations updates (includes CVE-2026-22720)","tags":["vendor-advisory"]},{"url":"https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html","name":"VMware Aria Operations 8.18.6 Release Notes (resolves CVE-2026-22720)","tags":["release-notes"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}}],"solutions":[{"lang":"en","value":"Apply the vendor patches listed in the 'Fixed Version' column of the Response Matrix of  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 . Fixed versions include VMware Aria Operations 8.18.6 (for 8.x) and VMware Cloud Foundation Operations 9.0.2.0 (for 9.x).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Apply the vendor patches listed in the 'Fixed Version' column of the Response Matrix of&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947\">VMSA-2026-0001</a>. Fixed versions include VMware Aria Operations 8.18.6 (for 8.x) and VMware Cloud Foundation Operations 9.0.2.0 (for 9.x).</p>"}]}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-22720","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-02-26T04:56:16.136372Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T14:44:05.372Z"}}]}}