VMware Telco Cloud response to VMSA-2026-0001
search cancel

VMware Telco Cloud response to VMSA-2026-0001

book

Article ID: 428241

calendar_today

Updated On:

Products

VMware Telco Cloud Infrastructure VMware Telco Cloud Platform

Issue/Introduction

Steps to remediate VMSA-2026-0001 on VMware Telco Cloud products.



Environment

TCP: 2.5, 2.7, 3.0, 4.0, 5.0, 5.0.1
TCI: 2.2, 2.5, 2.7, 3.0

Resolution

Patch Availability for VMware Telco Cloud Platform / Telco Cloud Infrastructure

VMware Aria (vRealize) Version

Build Number

TCP / TCI Version

Link

Notes

8.6.x, 8.10.x, 8.12.x

8.18.6 - 25211474

TCI 2.x, 3.x
TCP 3.x

Link

For unlisted TCP/TCI versions,
please contact VMware support for upgrade,
mitigation, and migration guidance.

8.14.x, 8.16.x, 8.17.x, 8.18.x

8.18.6 - 25211474

TCP 4.x, 5.x

Link

Additional Information

Workaround

Applicable for VMware Aria Operations (8.16.x – 8.18.x)

If immediate patching to version 8.18.6 is not possible, implement the following changes directly within the Aria Operations interface to secure the environment.

Step 1: Enforce Credential Ownership in Aria Operations (Prevents users from accessing or using credentials they do not explicitly own).

  1. Navigate to Administration > Global Settings > System Settings.

  2. Locate Credential ownership enforcement and set it to Activated.

Step 2: Harden vCenter User Roles in Aria Operations (Removes critical administrative capabilities from standard vCenter-imported users).

  1. Navigate to Administration > Access > Roles.

  2. Select the role assigned to your vCenter users (typically PowerUser) and click Edit.

  3. In the Permissions tab, Disable (Uncheck) the following three permissions:

    • Administration > Global Settings > Global Settings Page

    • Administration > Integrations

    • Administration > Control Panel > Authentication Sources

Powered by Wolken Software