Product Release Advisory - VMware Tanzu GemFire on Kubernetes 2.6.2

Product/Component

VMware Tanzu Data Intelligence

3 more products

Notification Id

37258

Last Updated

20 March 2026

Initial Publication Date

20 March 2026

Status

CLOSED

Severity

HIGH

CVSS Base Score

WorkAround

Affected CVE

Security Advisory

Advisory ID:	TNZ-2026-0254
Severity:	High
Issue Date:	2026-03-19
Updated on:
Synopsis	Bumped multiple dependency which resulted in at least four CVEs remediated in this release

Product Version Release Advisory

VMware Tanzu GemFire on Kubernetes 2.6.2
https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire-on-kubernetes/2-6/gf-k8s/index.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
go.yaml.in/yaml/v2	CVE-2022-28948 (high)
go.yaml.in/yaml/v3	CVE-2022-28948 (high)
go.opentelemetry.io/otel/sdk	CVE-2026-24051 (high)
cert-manager	CVE-2026-25518 (medium)

History

2026-03-19: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security