Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN430 _____________________________________________________________________ DATE : 27/04/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Tanzu Data Lake versions prior to 4.0.0. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404 _____________________________________________________________________ VMware Tanzu Data Lake 4.0.0 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Services VMware Tanzu Data Services Solutions VMware Tanzu Data Suite Notification Id 37404 Last Updated 24 April 2026 Initial Publication Date 24 April 2026 Status CLOSED Severity CRITICAL CVSS Base Score 10.0 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0258 Severity: Critical Issue Date: 2026-04-24 Updated on: Synopsys Resolution of multiple vulnerabilities across critical, high, medium, and low severity levels in the controller and runtime bundles. Product Version Release Advisory VMware Tanzu Data Lake 4.0.0 https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-data-lake/4-0/tdl/cve.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Tanzu Data Intelligence runtime CVE-2024-47875 (Critical) CVE-2022-37601 (Critical) CVE-2017-7525 (Critical) CVE-2024-47561 (Critical) CVE-2025-7783 (Critical) CVE-2019-20444 (Critical) CVE-2024-48910 (Critical) CVE-2026-33228 (High) CVE-2025-54920 (High) CVE-2026-23950 (High) CVE-2026-26996 (High) CVE-2024-56373 (High) CVE-2025-9624 (High) CVE-2026-24842 (High) CVE-2026-23745 (High) CVE-2026-29786 (High) CVE-2026-31802 (High) GHSA-5c6j-r48x-rmvq (High) CVE-2025-54550 (High) CVE-2026-4800 (High) GHSA-36jr-mh4h-2g58 (High) CVE-2024-57083 (High) CVE-2021-31684 (High) CVE-2026-27904 (High) CVE-2026-29074 (High) CVE-2022-25883 (High) CVE-2023-34610 (High) CVE-2023-39410 (High) CVE-2024-7254 (High) CVE-2020-13949 (High) CVE-2022-3510 (High) CVE-2021-22569 (High) CVE-2022-3517 (High) CVE-2026-25639 (High) CVE-2026-27903 (High) CVE-2021-37137 (High) CVE-2023-52428 (High) CVE-2025-12758 (High) CVE-2022-41404 (High) CVE-2024-57699 (High) CVE-2022-37603 (High) CVE-2025-7962 (High) CVE-2022-38900 (High) CVE-2024-21538 (High) CVE-2021-0341 (High) CVE-2025-68675 (High) CVE-2023-43642 (High) CVE-2026-33671 (High) CVE-2026-2229 (High) CVE-2024-47554 (High) CVE-2022-3509 (High) CVE-2025-41249 (High) CVE-2019-0205 (High) CVE-2023-1370 (High) CVE-2026-32141 (High) CVE-2022-37599 (High) CVE-2023-34455 (High) CVE-2026-1526 (High) CVE-2024-37890 (High) CVE-2025-27821 (High) CVE-2024-13009 (High) CVE-2022-46175 (High) CVE-2026-26960 (High) CVE-2024-45801 (High) GHSA-r4q5-vmmm-2653 (Medium) GHSA-h8r8-wccr-v5f2 (Medium) CVE-2026-41239 (Medium) CVE-2026-25219 (Medium) CVE-2024-29131 (Medium) CVE-2025-13465 (Medium) CVE-2024-23953 (Medium) CVE-2021-43797 (Medium) CVE-2024-29133 (Medium) CVE-2025-27555 (Medium) CVE-2023-26136 (Medium) CVE-2026-2950 (Medium) CVE-2026-33750 (Medium) CVE-2023-34462 (Medium) CVE-2025-68470 (Medium) CVE-2026-24098 (Medium) CVE-2025-65995 (Medium) CVE-2024-28863 (Medium) CVE-2026-1525 (Medium) CVE-2024-6485 (Medium) CVE-2025-8916 (Medium) CVE-2025-8885 (Medium) CVE-2021-21290 (Medium) CVE-2025-27789 (Medium) CVE-2025-22227 (Medium) CVE-2025-56200 (Medium) CVE-2019-20445 (Medium) CVE-2026-41240 (Medium) GHSA-v78c-4p63-2j6c (Medium) CVE-2024-25710 (Medium) CVE-2023-34454 (Medium) CVE-2024-8184 (Medium) CVE-2024-34447 (Medium) CVE-2023-34453 (Medium) CVE-2026-22036 (Medium) CVE-2026-34043 (Medium) CVE-2024-30171 (Medium) CVE-2018-10237 (Medium) CVE-2021-21409 (Medium) CVE-2021-21295 (Medium) CVE-2022-3171 (Medium) CVE-2025-1647 (Medium) CVE-2023-2976 (Medium) CVE-2023-42503 (Medium) CVE-2023-33202 (Medium) CVE-2024-26308 (Medium) CVE-2025-69873 (Medium) CVE-2024-11831 (Medium) CVE-2024-29857 (Medium) CVE-2026-33672 (Medium) GHSA-cjmm-f4jc-qw8r (Medium) GHSA-cj63-jhhr-wcxv (Medium) CVE-2025-66236 (Medium) GHSA-39q2-94rc-95cp (Medium) CVE-2023-26115 (Medium) CVE-2025-64718 (Medium) CVE-2023-33201 (Medium) CVE-2024-53382 (Medium) CVE-2025-62718 (Medium) CVE-2026-40175 (Medium) CVE-2026-1527 (Medium) CVE-2025-26791 (Medium) CVE-2026-33532 (Medium) CVE-2025-68458 (Low) CVE-2025-68157 (Low) CVE-2026-3449 (Low) CVE-2025-5889 (Low) GHSA-56x4-j7p9-fcf9 (Low) GHSA-73rr-hh4g-fpgx (Low) Tanzu Data Intelligence Controller CVE-2026-29145 (Critical) CVE-2026-22732 (Critical) CVE-2025-66614 (Critical) CVE-2025-48734 (High) CVE-2026-33871 (High) CVE-2026-24734 (High) CVE-2021-22569 (High) CVE-2026-33870 (High) CVE-2022-3510 (High) CVE-2024-7254 (High) CVE-2022-3509 (High) CVE-2026-2332 (High) GHSA-72hv-8253-57qq (Medium) CVE-2025-48924 (Medium) CVE-2024-29131 (Medium) CVE-2025-67735 (Medium) CVE-2024-29133 (Medium) CVE-2026-25854 (Medium) CVE-2024-25710 (Medium) CVE-2026-22737 (Medium) CVE-2025-11226 (Medium) CVE-2022-3171 (Medium) CVE-2024-26308 (Medium) CVE-2025-11143 (Low) CVE-2026-24733 (Low) CVE-2026-22735 (Low) CVE-2025-61795 (Low) CVE-2026-1225 (Low) History 2026-04-24 Initial vulnerability report published. Contact E-mail: [email protected] VMware Tanzu Security Advisories https://tanzu.vmware.com/security ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================