Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN507 _____________________________________________________________________ DATE : 13/05/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Tanzu for Valkey on Kubernetes, VMware Tanzu for MySQL on Kubernetes. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37452 _____________________________________________________________________ Product Release Advisory - VMware Tanzu for Valkey on Kubernetes 3.3.4 Product/Component VMware Tanzu Data Intelligence 5 more products Notification Id 37450 Last Updated 06 May 2026 Initial Publication Date 06 May 2026 Status CLOSED Severity CRITICAL CVSS Base Score 9.1 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0267 Severity: Critical Issue Date: 2026-05-06 Updated on: Synopsis One critical & few high vulnerabilities were found in Tanzu for Valkey on Kubernetes 3.3.3, which is addressed in Tanzu for Valkey on Kubernetes 3.3.4 Product Version Release Advisory VMware Tanzu for Valkey on Kubernetes 3.3.4 https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-valkey-on-kubernetes/3-3/valkey-on-kubernetes/release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Valkey Operator 3.3.3, fixed in Valkey Operator 3.3.4 GHSA-p77j-4mvh-x3m3 (critical) GHSA-6g7g-w4f8-9c9x (high) CVE-2026-4111 (high) GHSA-gx3x-vq4p-mhhv (medium) CVE-2025-14831 (medium) CVE-2025-9820 (medium) GHSA-q9hv-hpm4-hj6x (low) CVE-2025-62813 (unknown) History 2026-05-06: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories https://tanzu.vmware.com/security _____________________________________________________________________ Product Release Advisory - VMware Tanzu for Valkey on Kubernetes 3.4.0 Product/Component VMware Tanzu Data Intelligence 5 more products Notification Id 37451 Last Updated 07 May 2026 Initial Publication Date 07 May 2026 Status CLOSED Severity CRITICAL CVSS Base Score 9.8 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0268 Severity: Critical Issue Date: 2026-05-06 Updated on: Synopsis One critical & few high vulnerabilities were found in Tanzu for Valkey on Kubernetes 3.3.4, which is addressed in Tanzu for Valkey on Kubernetes 3.4.0 Product Version Release Advisory VMware Tanzu for Valkey on Kubernetes 3.4.0 https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-valkey-on-kubernetes/3-4/valkey-on-kubernetes/release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Valkey Operator 3.3.4, fixed in Valkey Operator 3.4.0 CVE-2026-27143 (critical) CVE-2026-27140 (high) CVE-2026-32280 (high) CVE-2026-32283 (high) CVE-2026-27135 (high) CVE-2026-5121 (high) CVE-2026-32281 (high) CVE-2026-25679 (high) CVE-2026-4424 (high) CVE-2026-27144 (high) CVE-2025-14819 (medium) CVE-2026-32282 (medium) CVE-2026-32289 (medium) CVE-2026-27142 (medium) GHSA-xmrv-pmrh-hhx2 (medium) CVE-2026-32288 (medium) GHSA-44p7-9xx4-hf2g (medium) CVE-2026-27139 (low) History 2026-05-06: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories https://tanzu.vmware.com/security _____________________________________________________________________ Product Release Advisory - VMware Tanzu for MySQL on Kubernetes 2.0.3 Product/Component VMware Tanzu Data Intelligence 7 more products Notification Id 37452 Last Updated 07 May 2026 Initial Publication Date 07 May 2026 Status CLOSED Severity CRITICAL CVSS Base Score 9.8 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0269 Severity: Issue Date: 2026-05-06 Updated on: Synopsis Many critical & high vulnerabilities were found in MySQL for Kubernetes 2.0.2, which is addressed in MySQL for Kubernetes 2.0.3 Product Version Release Advisory VMware Tanzu for MySQL on Kubernetes 2.0.3 https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-mysql-on-kubernetes/2-0/vmware-mysql-k8s/cve.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved MySQL 2.0.2, fixed in MySQL 2.0.3 CVE-2026-27143 (critical) CVE-2026-27140 (high) CVE-2026-33810 (high) CVE-2026-6100 (high) CVE-2026-32281 (high) CVE-2026-5121 (high) CVE-2026-32280 (high) CVE-2026-25679 (high) CVE-2026-27135 (high) CVE-2026-4424 (high) CVE-2026-32283 (high) CVE-2026-4786 (high) CVE-2026-4519 (high) CVE-2026-27144 (high) GHSA-r4pg-vg54-wxx4 (medium) CVE-2026-4878 (medium) CVE-2026-32282 (medium) CVE-2026-32289 (medium) CVE-2026-27142 (medium) CVE-2026-32288 (medium) GHSA-m5vv-6r4h-3vj9 (medium) CVE-2025-10158 (medium) CVE-2026-27139 (low) History 2026-05-06: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories: tanzu.vmware.com/security ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================