Cyber Posture

CVE-2026-22720

High

Published: 25 February 2026
Modified: 04 March 2026
CVSS Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.2nd percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026-0001 (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947).

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- SI-2 (prevent): mandates timely flaw remediation through patching, directly addressing the stored XSS vulnerability as specified in VMSA-2026-0001.
- SI-10 (prevent): enforces input validation on custom benchmarks to block malicious script injection by privileged users.
- SI-15 (prevent): applies output filtering when rendering custom benchmarks, preventing execution of injected scripts.

Security Summary [AI-generated]

CVE-2026-22720 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in VMware Aria Operations. Published on 2026-02-25, it carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). The flaw allows malicious script injection through custom benchmarks created within the VMware Aria Operations platform.

A malicious actor with privileges to create custom benchmarks can exploit this vulnerability over the network with low complexity. Exploitation requires user interaction but enables the attacker to execute scripts that perform administrative actions in VMware Aria Operations, resulting in high impacts to confidentiality, integrity, and availability.

VMSA-2026-0001 advises applying patches listed in the 'Fixed Version' column of the 'Response Matrix' to remediate CVE-2026-22720. Additional details are available in the security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 and VMware Aria Operations 8.18.6 release notes at https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html.

Details

CWE(s)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected Products

Vendor   Product                     Affected Versions
VMware   Aria Operations             8.0 – 8.18.6
VMware   Cloud Foundation            4.0 – 5.2.3; 9.0 – 9.0.2.0
VMware   Telco Cloud Infrastructure  2.2 – 3.0
VMware   Telco Cloud Platform        4.0 – 5.1

MITRE ATT&CK Enterprise Techniques [AI-generated]

- T1059.007 JavaScript (tactic: Execution): Adversaries may abuse various implementations of JavaScript for execution.
- T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Stored XSS enables injection and execution of malicious JavaScript (T1059.007) in the browser context of a privileged user viewing custom benchmarks, facilitating administrative actions via exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
