Product Release Advisory - VMware Tanzu GemFire 10.2.3

Product/Component

VMware Tanzu Data Intelligence

3 more products

Notification Id

37466

Last Updated

07 May 2026

Initial Publication Date

07 May 2026

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.1

WorkAround

Affected CVE

Product Release Advisory

Advisory ID:	TNZ-2026-0277
Severity:	Critical
Issue Date:	2026-05-07
Updated on:
Synopsis	Bumped 5 component versions resulting in 6 vulnerabilities fixed in Tanzu GemFire 10.2.3.

Product Version Release Advisory

VMware Tanzu GemFire 10.2.3
https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-2/gf/cve.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
Netty	CVE-2026-33871 (high) CVE-2026-33870 (high)
Jackson	GHSA-72hv-8253-57qq (medium)
Spring Framework	CVE-2025-41242 (medium)
Spring Security	CVE-2026-22732 (critical)
Spring Boot	CVE-2026-22733 (high)

History

2026-05-07: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security