Cloud foundation

This hub aggregates every CVE we track for Cloud foundation. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Cloud foundation.

• CVE-2026-41724VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)8.0Jun 8, 2026
• CVE-2026-41723VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)8.0Jun 8, 2026
• CVE-2026-41722VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)8.0Jun 8, 2026
• CVE-2026-22721VMware Aria Operations privilege escalation vulnerability6.2Feb 25, 2026
• CVE-2026-22720VMware Aria Operations stored cross-site scripting vulnerability8.0Feb 25, 2026
• CVE-2026-22719VMware Aria Operations command injection vulnerabilityKEV8.1Feb 25, 2026
• CVE-2025-41250Header injection vulnerability8.5Sep 29, 2025
• CVE-2025-41244VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)KEV7.8Sep 29, 2025
• CVE-2025-41241Denial-of-service vulnerability4.4Jul 29, 2025
• CVE-2025-41239vSockets information-disclosure vulnerability7.1Jul 15, 2025
• CVE-2025-41238PVSCSI heap-overflow vulnerability9.3Jul 15, 2025
• CVE-2025-41237VMCI integer-underflow vulnerability9.3Jul 15, 2025
• CVE-2025-41236VMXNET3 integer-overflow vulnerability9.3Jul 15, 2025
• CVE-2025-22245VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.5.9Jun 4, 2025
• CVE-2025-22244VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.6.9Jun 4, 2025