VMware Tanzu for Postgres Vulnerability Allows Remote Code Execution
Summary
CERT-FR has issued a security advisory regarding a vulnerability in VMware Tanzu for Postgres that allows for remote code execution. Affected versions include multiple release lines prior to specific patch levels. Users are advised to consult VMware's security bulletin for remediation.
What changed
CERT-FR, the French national cybersecurity agency, has issued an advisory (CERTFR-2026-AVI-0346) detailing a critical vulnerability (CVE-2026-2006) in VMware Tanzu for Postgres. This vulnerability enables remote code execution, posing a significant risk to affected systems. Multiple versions of Tanzu for Postgres, including 15.x, 16.x, 17.x, 18.x, and versions prior to 14.22.0, are impacted.
Organizations utilizing VMware Tanzu for Postgres must immediately consult VMware's security bulletin (37294) for patch information and apply the necessary updates to mitigate the risk of remote code execution. Failure to do so could result in a compromise of sensitive data or system control by malicious actors. This advisory highlights the ongoing need for diligent patch management for critical infrastructure software.
What to do next
- Consult VMware security bulletin 37294 for patch information.
- Apply necessary patches to affected VMware Tanzu for Postgres versions.
- Review system logs for any signs of compromise.
Archived snapshot
Mar 24, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Premier Ministre S.G.D.S.N
Agence nationale
de la sécurité des
systèmes d'information
Paris, le 24 mars 2026 N° CERTFR-2026-AVI-0346 Affaire suivie par: CERT-FR
Avis du CERT-FR
Objet: Vulnérabilité dans VMware Tanzu pour Postgres
Gestion du document
| Référence | CERTFR-2026-AVI-0346 |
| Titre | Vulnérabilité dans VMware Tanzu pour Postgres |
| Date de la première version | 24 mars 2026 |
| Date de la dernière version | 24 mars 2026 |
| Source(s) | Bulletin de sécurité VMware 37294 du 23 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.
Risque
- Exécution de code arbitraire à distance
Systèmes affectés
- Tanzu pour Postgres versions 15.x antérieures à 15.17.0
- Tanzu pour Postgres versions 16.x antérieures à 16.13.0
- Tanzu pour Postgres versions 17.x antérieures à 17.9.0
- Tanzu pour Postgres versions 18.x antérieures à 18.3.0
- Tanzu pour Postgres versions antérieures à 14.22.0
Résumé
Une vulnérabilité a été découverte dans VMware Tanzu pour Postgres. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Documentation
- Bulletin de sécurité VMware 37294 du 23 mars 2026
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37294
- Référence CVE CVE-2026-2006
- https://www.cve.org/CVERecord?id=CVE-2026-2006
Gestion détaillée du document
- le 24 mars 2026 Version initiale
Named provisions
Related changes
Get daily alerts for CERT-FR Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-FR Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.