Product Releases
| VCF Operations | 9.0.2.0200 | 06/08 | Download | Release Notes |
| VCF Ops fleet management | 9.0.2.0200 | 06/08 | Download | Release Notes |
| VCF Operations for Logs | 9.0.2.0200 | 06/08 | Download | Release Notes |
| VCF Identity Broker | 9.0.2.0200 | 06/08 | Download | Release Notes |
| VCF Automation | 9.0.2.0200 | 06/08 | Download | Release Notes |
VMSA-2026-0004
| VCF Operations updates address multiple vulnerabilities CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724 | CVSSv3 8.0 |
| VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. Broadcom has evaluated the severity of these issues to be in the Important severity range with a maximum CVSSv3 base score of 8.0. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. To remediate CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Broadcom would like to thank Alexis Bernazzani (Visa Inc.) for reporting these issues to us. | |

| Product / Component | Version | CVE | Fixed Version | Workaround |
|---|---|---|---|---|
| VCF | 9.1.x | CVE-2026-4172 CVE-2026-41723 | 9.1.0.0 | none |
| VVF | 9.1.x | CVE-2026-4172 CVE-2026-41723 | 9.1.0.0 | none |
| VCF | 9.0.x | CVE-2026-4172 CVE-2026-41723 | 9.0.2.0 EP2 | none |
| VVF | 9.0.x | CVE-2026-4172 CVE-2026-41723 | 9.0.2.0 EP2 | none |
| Aria Operations | 8.x | CVE-2026-4172 CVE-2026-41723 | 8.18.6 | none |
| Aria Operations | 8.x | all | 8.18.7 | none |
| VCF | 5.x | all | 8.18.7 | none |
| Telco Cloud | 5.x | all | KB443138 | none |
Product Lifecycle
| Product | Version | EOS |
|---|---|---|
| VMware Tools | 11.3.0 | 17.06.26 |
| VMware Tools | 11.3.5 | 17.06.26 |
| VMware Cloud Director Object Storage Extension | 3.0.0.1 | 27.06.26 |
| VMware Cloud Director Object Storage Extension | 3.1 | 27.06.26 |
| VMware Cloud Director Object Storage Extension | 3.1.0.1 | 27.06.26 |
| VMware Cloud Director Object Storage Extension | 3.1.0.2 | 27.06.26 |
| VMware Aria Automation Config | 8.17.0 | 30.06.26 |
KB Articles
Some new and updated KB articles
| Subject | ID |
|---|---|
| NSX Global Manager Upgrade is stuck at 36% | 444182 |
| Unable to Add vNIC to Powered-On Virtual Machine Due to Disabled Hot-Plug | 444157 |
| Hardware version mismatch alarm generated during NSX upgrade | 444109 |
| ESX host disconnect during configuration of vSphere Configuration Profile | 444099 |
| Understanding VCF License Portability | 444084 |
| VIDB incorrectly identified as „Embedded“ after VCF 9.1 Upgrade | 444003 |
| Cost information is not being displayed for catalog items in VCF Automation 9.0.2 VM-Apps Org | 443941 |
| Virtual machine in invalid state after power outage on ESXi host | 443916 |
| Aria Suite Lifecycle: Message „tdnf update info not available yet!“ Appears on SSH Login | 443915 |
| ESXi 9.1 Host Experiences PSOD During Installation on HPE Hardware | 443904 |
| VCF 9 Create VCF Operations Support Bundle | 443789 |
| NTP Synchronization Issues on ESXi Hosts | 443781 |
| VCF 9.1 upgrade fails with „VCF Instance Cloud Proxy Registration validation failed“ | 443737 |
| Embedded Orchestrator Integration Shows Incorrect Endpoint After Upgrade from Aria Automation 8.18.x to VCFA 9.x (VM Apps Tenancy) | 443720 |
| VCF Automation 9.1 installation fails with „Unable to determine deployment network.“ | 443713 |
| Collecting an ESX log bundle using the VMware Host Client in ESX 9.1 or later | 443633 |
| SDDC Manager Blocked from VCF 9.0.2 Plan Upgrade Due to NSX Advanced Load Balancer Incompatibility | 443599 |
| Error: "The Component Is Already at Version 9.1.0" during Log Management Upgrade in VCF Operations 9.1 | 443484 |
| HCX 9.x OSAM Fix-up failure „The guest operations agent could not be contacted“ due to NSX Manager credential issues | 443475 |
| Backup/Restore Performance Issues over VDDK NBD Transport Mode | 443450 |
| Error : „Licenses could not be assigned to the vCenter System. Please try again or check the error logs. If the issue persists contact support“ seen during license assignment on VCF 9.1 | 443446 |
| How to Delete an Unused Security Group via NSX Manager UI and Policy API | 443429 |
| Configuring CyberArk PAM for VMware ESXi and vCenter | 443426 |
| Fleet Management 9.x Fails to Create VCF Automation 9.x with ‚Need a Valid FQDN‘ Error“ | 443413 |
| VCF 9.x Bring-Up Fails: „Insufficient space to deploy vCenter Server“ (vSAN State Desync) | 443396 |
| Error: LCMVMSP10002 during upgrade to VCF Automation 9.x due to database size | 443395 |
| Database Upgrade Fails and RaaS Service Remains Offline After Upgrading Aria Automation Config to 8.18.3 | 443389 |
| Compute Manager Lost Connectivity alarm in NSX after Global Manager is upgraded to NSX 9.0.2 in Federated Environment. | 443378 |
| ESXi and vCenter 9.x binaries missing from vSphere download page in Broadcom Support Portal | 443375 |
| ServiceNow – Aria Operations Alert Retrieval Failures via MID Server due to Excessive Token Requests | 443328 |
| VMware Tools 13 not visible on Broadcom Support Portal download page | 443308 |
| Error: „Node type ‚WITNESS‘ is not resizable“ received when trying to scale VCF Operations CA cluster | 443287 |
| Virtual machine performance severely degrades after vMotion to new hosts with Sub-NUMA Clustering | 443262 |
| Direct login and remote access to the VCF 9.1 License Server appliance are disabled | 443251 |
| Impact and Monitoring of VCF Operations 9.1 and License Server Downtime on vCenter Licensing | 443240 |
| Error „License manager is not in active state“ occurs when downloading a license file from the VMware Business Console | 443234 |
| Connecting to an existing VCF Operations manager instance during VCF 9.0 deployment fails with an internal server error | 443217 |
OnSite Events
Incl. VMUG User/cons
| Explore – Las Vegas | Aug 31- Sep 03 | |
| Explore on Tour – Mumbai | September 29-30 | |
| Explore on Tour – Singapore | October 1 – 2 | |
| Explore on Tour – Frankfurt | October 13-14 | |
| Explore on Tour – Tokyo | October 20-21 | |
| VMUG Connect – Orlando | October 20-22 | |
| Explore on Tour – London | November 18-19 | |
| Explore on Tour – Washington D.C. | December 8 | |
| Local VMUG Events Overview | ||
Podcast | Webinar | Blog Posts
Podcasts, Blogs and Webinars published last week
Blogpost
| Quick Tip: Resolving OVFTool „Failed to Send File“ Errors on macOS (why-did-it.fail) | Blogpost |
| We all know about the well known services like vCenter and Operations but to run a private cloud stack like VCF, a number of auxiliary services are required. Essentially, the VCF Management Services are a VCF-managed set of virtual machines that form a Kubernetes cluster which hosts and exposes these services for consumption. To put it simpler, instead of deploying a dozen individual virtual machines with independent lifecycle and availability requirements, we provide a centralized platform that cares for the basics and just runs containers on top of it. Let’s look at the bare minimum set of services that is deployed in the first VCF Management Services instance (typical in your management domain): […] | |
| Quick Tip: Resolving OVFTool „Failed to Send File“ Errors on macOS (williamlam.com) | Blogpost |
| I frequently deploy and re-deploy VMware Virtual Appliances (OVA), which I fully automate using OVFTool from my macOS x86 system. Recently, I noticed that deployments would consistently fail roughly 3 out of 5 times with a generic error message like the following [..] | |
| Modernize with Virtualized Storage (VMware Cloud Foundation) | Blogpost |
| This blog was originally published on January 15, 2025 and has been updated to reflect VCF 9.1 updates. Are you planning on deploying or have you already stood up your VMware Cloud Foundation (VCF) private cloud using VMware vSAN? If you have deployed or are thinking of deploying [..] | |
VMware Security Advisories History 2026
Full Overview
| VMSA ID | Products | Affected CVE |
| VMSA-2026-0003 | Fusion | CVE-2026-41702 |
| VMSA-2026-0002 | VMware Workstation, VMware Fusion | CVE-2026-22715 CVE-2026-22716 CVE-2026-22717 CVE-2026-22722 |
| VMSA-2026-0001 | Aria Operations | CVE-2026-22719 CVE-2026-22720 CVE-2026-22721 |
