September 27, 2023

The U.S. CISA has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 with a CVSS score: 9.8 to its Known Exploited Vulnerabilities Catalog.

The RCE vulnerability present in the XStream open-source library. Unauthenticated attackers can exploit the vulnerability in low-complexity attacks without user interaction.


VMware has confirmed that exploit code leveraging CVE-2021-39144 against impacted products has been published. Due to the severity of the flaw, VMware also released security updates for some end-of-life products.

CISA orders federal agencies to fix this flaw by March 31, 2023.

Leave a Reply

%d bloggers like this: