VMware releases advisory on multiple privilege‑escalation vulnerabilities affecting Tanzu Kubernetes Runtime stemcells running Ubuntu Jammy versions earlier than 1.1193.x. The advisory, issued on 1 May 2026, identifies two CVEs (CVE‑2026‑31431 and CVE‑2026‑341431). Attackers could exploit these flaws to gain elevated privileges within the runtime environment. Users are advised to consult VMware’s Security Advisory 37431 for patches and guidance. The advisory was published by the CERT‑FR on 4 May 2026. No further mitigation details are provided beyond reference to the vendor bulletin. The advisory references the VMware security bulletin 37431, available on Broadcom’s support portal, and lists the CVE identifiers with links to CVE.org for further information. Affected systems include Ubuntu Jammy stemcells below version 1.1193.x used in Tanzu deployments. Administrators should apply the vendor‑supplied patches as soon as possible to mitigate the risk.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.