VMware Tanzu Spring Security Critical Flaws, CVSS 9.6
Summary
CERT-Bund, the German federal CERT, published critical security advisory WID-SEC-2026-1221 for VMware Tanzu Spring Security on 21 April 2026 (last updated 22 April 2026), assigning a CVSS Base Score of 9.6 (critical) and a CVSS Temporal Score of 8.3 (high). Multiple vulnerabilities allow a remote attacker to disclose information, bypass security measures, impersonate users, or manipulate data, potentially enabling privilege escalation, SSRF, or cross-site scripting. Affected versions are VMware Tanzu Spring Security <6.5.10, <7.0.5, and <7.1.0-RC1; the individual CVE identifiers behind the advisory are not reproduced on this page. Organizations running these versions should upgrade, or apply the advisory's mitigations where an upgrade is not immediately possible.
“CVSS Base Score 9.6 (critical) CVSS Temporal Score 8.3 (high) Remote attack yes”
Organizations running VMware Tanzu Spring Security should inventory their deployments and confirm whether they are on affected versions (<6.5.10, <7.0.5, <7.1.0-RC1) as a priority: a CVSS 9.6 base score combined with remote exploitability places this in the highest-severity tier. Upgrading is the primary remediation. The advisory marks mitigations as available for cases where a full upgrade is not immediately feasible, but this page does not reproduce them, so take them from the original advisory rather than from the summary here.
About this source
GovPing monitors CERT-Bund Security Advisories for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 368 changes logged to date.
What changed
CERT-Bund issued a critical vulnerability advisory for VMware Tanzu Spring Security, assigning a CVSS Base Score of 9.6 (critical) and a CVSS Temporal Score of 8.3 (high). The advisory covers multiple vulnerabilities in affected versions (<6.5.10, <7.0.5, <7.1.0-RC1) that could allow a remote attacker to disclose information, bypass security controls, impersonate users, or manipulate data.
Organizations using VMware Tanzu Spring Security should prioritize upgrading to the first fixed version of their line (6.5.10, 7.0.5, or 7.1.0-RC1) or later as the primary remediation. Note that 7.1.0-RC1 is a release candidate, so the 7.1 boundary only concerns deployments already on 7.1 pre-releases; production deployments on the 6.5.x or 7.0.x lines should move to 6.5.10 or 7.0.5 respectively. Where immediate upgrading is not feasible, organizations should review and apply the mitigations listed in the advisory to reduce exposure to privilege escalation, SSRF, or cross-site scripting attacks.
What to do next
- Inventory every deployment and build that pulls in Spring Security and record the resolved version of each module
- Upgrade affected deployments to 6.5.10, 7.0.5, or 7.1.0-RC1 (or later) on their respective line
- Where an upgrade cannot be applied immediately, apply the mitigations from the advisory as an interim measure
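As an added example (not part of the CERT-Bund advisory, the GovPing page, or Spring's own tooling), the following Python script takes the output of `mvn dependency:tree` or `gradle dependencies` and flags every Spring Security module whose version falls inside the advisory's three ranges. The dependency-tree lines it runs on are constructed for illustration; only the version boundaries come from the advisory. It goes slightly beyond the text in two ways that matter in practice: it orders Spring's pre-release qualifiers (M1 < RC1 < GA), which is needed to evaluate the 7.1.0-RC1 boundary correctly, and it honours Gradle's `declared -> resolved` conflict-resolution arrow, since the resolved version is the one on the classpath.

```python
import re

# Boundaries from WID-SEC-2026-1221 as reproduced on this page: everything below
# 6.5.10 is affected, the 7.0 line is affected below 7.0.5, and the 7.1 line
# (pre-releases) is affected below 7.1.0-RC1.
LOWEST_FIXED = "6.5.10"
FIXED_BY_LINE = {(7, 0): "7.0.5", (7, 1): "7.1.0-RC1"}

# Spring's pre-release ordering: M1 < M2 < ... < RC1 < RC2 < GA (no qualifier).
_QUALIFIER_RANK = {"M": 0, "RC": 1}
_GA_RANK = 2

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(M|RC)(\d+))?")

# Matches both Maven (`group:artifact:jar:version:scope`) and Gradle
# (`group:artifact:version`, optionally followed by `-> resolved`) tree lines.
_DEP_RE = re.compile(
    r"org\.springframework\.security:([A-Za-z0-9_.-]+):(?:jar:)?(\d[^\s:]*)"
    r"(?:\s*->\s*(\d[^\s:]*))?"
)


def parse_version(version):
    """Turn '7.1.0-RC1' into a tuple that sorts the way Spring releases do.

    Returns None for strings this scanner cannot order (SNAPSHOT builds,
    'x' placeholders); callers report those for manual review.
    """
    m = _VERSION_RE.fullmatch(version)
    if not m:
        return None
    major, minor, patch, qualifier, qnum = m.groups()
    if qualifier is None:
        return (int(major), int(minor), int(patch), _GA_RANK, 0)
    return (int(major), int(minor), int(patch), _QUALIFIER_RANK[qualifier], int(qnum))


def classify(version):
    """Return 'affected', 'ok' or 'unknown' for one Spring Security version."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    if parsed < parse_version(LOWEST_FIXED):
        return "affected"  # 5.x, 6.4.x and 6.5.0 to 6.5.9 all sit below 6.5.10
    fixed = FIXED_BY_LINE.get(parsed[:2])
    if fixed is not None and parsed < parse_version(fixed):
        return "affected"
    return "ok"


def scan_dependency_tree(text):
    """Find every Spring Security module in a dependency tree and classify it.

    Gradle prints `declared -> resolved` when conflict resolution upgrades a
    module; the resolved version is the one on the classpath, so it wins.
    """
    findings = []
    for line in text.splitlines():
        m = _DEP_RE.search(line)
        if not m:
            continue
        artifact, declared, resolved = m.groups()
        version = resolved or declared
        findings.append((artifact, version, classify(version)))
    return findings


# Constructed sample mixing `mvn dependency:tree` and `gradle dependencies`
# output; the artifacts and versions are illustrative, not from a real build.
SAMPLE_TREE = r"""
[INFO] com.example:webapp:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter-security:jar:3.5.4:compile
[INFO] |  +- org.springframework.security:spring-security-config:jar:6.5.9:compile
[INFO] |  \- org.springframework.security:spring-security-web:jar:6.5.9:compile
[INFO] \- org.springframework.security:spring-security-oauth2-client:jar:6.5.10:compile
+--- org.springframework.security:spring-security-core:7.1.0-M3
+--- org.springframework.security:spring-security-crypto:7.0.3 -> 7.0.5
"""


if __name__ == "__main__":
    import sys

    # Pipe real tree output in, or run without input to see the sample.
    text = SAMPLE_TREE if sys.stdin.isatty() else sys.stdin.read()
    for artifact, version, status in scan_dependency_tree(text):
        print(f"{status:8} {artifact} {version}")
```

In a real build, run `mvn dependency:tree | python spring_security_check.py` (or the Gradle equivalent) per module; transitive copies pulled in by a starter are as relevant as the directly declared one, which is why the scanner walks every line rather than only top-level entries. Any "unknown" result (a SNAPSHOT or placeholder version) needs a manual check against the advisory.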
Archived snapshot
Apr 22, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1221] VMware Tanzu Spring Security: Multiple vulnerabilities
CVSS Base Score 9.6 (critical), CVSS Temporal Score 8.3 (high), remote attack: yes. Date 21.04.2026, last updated 22.04.2026, mitigation available: yes.
Affected systems
Operating system
- Other
- UNIX
- Windows
Product description
Spring Security is a framework that provides authentication, authorization, and protection against common attacks.
Products
21.04.2026
- VMware Tanzu Spring Security <6.5.10
- VMware Tanzu Spring Security <7.0.5
- VMware Tanzu Spring Security <7.1.0-RC1
Attack
An attacker can exploit multiple vulnerabilities in VMware Tanzu Spring Security to disclose information, bypass security measures, impersonate users, or manipulate data, potentially enabling privilege escalation, SSRF, or cross-site scripting attacks.
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.