Ref# ADV2026_34 | Date: Jan 27th 2026

---

VMware published a security advisory highlighting vulnerabilities in the following product between January 19th and 25th, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• AI Services for VMware Tanzu Platform – versions prior to 10.3.3 

• Elastic Application Runtime for VMware Tanzu Platform – versions prior to 6.0.24+LTS-T 

• Elastic Application Runtime for VMware Tanzu Platform – versions prior to 10.3.4 

• Elastic Application Runtime for VMware Tanzu Platform – versions prior to 10.2.7+LTS-T 

• Extended App Support for Tanzu Platform – versions prior to 1.0.12 

• PHP Buildpack – versions prior to 4.6.62 

• VMware Tanzu Cloud Native Buildpack – versions prior to 0.6.3 

• VMware Tanzu Greenplum Backup and Restore – versions prior to 1.32.30 

• VMware Tanzu .NET Core Buildpack – versions prior to 2.4.73, 2.4.76 and 2.4.77 

• VMware Tanzu NodeJS Buildpack – versions prior to 1.8.73 

For more information on this update, you can follow this URL: 

https://www.cyber.gc.ca/en/alerts-advisories/vmware-security-advisory-av26-054 

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary. 

References 

• VMware Security advisories. (January 26th, 2026). Retrieved from Canadian Centre for Cyber Security https://www.cyber.gc.ca/en/alerts-advisories/vmware-security-advisory-av26-054 

• Security Advisory – Support Portal – Broadcom support portal. (n.d.). Support Portal. https://support.broadcom.com/web/ecx/security-advisory?