7 Severe Vulnerabilities Patched in VMware Avi Load Balancer
Broadcom released updates for VMware Avi Load Balancer to patch seven critical and high-severity vulnerabilities discovered by external researchers. The most severe flaw, CVE-2026-47865, is a critical authentication bypass allowing network-based attackers to breach the Avi control plane. Additional vulnerabilities include remote code execution, privilege escalation, and directory traversal attacks, primarily affecting authenticated users or those with network access. No in-the-wild exploitation
Analysis
TL;DR
- Broadcom released updates for VMware Avi Load Balancer to patch seven critical and high-severity vulnerabilities discovered by external researchers.
- The most severe flaw, CVE-2026-47865, is a critical authentication bypass allowing network-based attackers to breach the Avi control plane.
- Additional vulnerabilities include remote code execution, privilege escalation, and directory traversal attacks, primarily affecting authenticated users or those with network access.
- No in-the-wild exploitation has been reported, but immediate patching is recommended due to the high risk associated with VMware product flaws.
Why It Matters
This update is critical for organizations relying on VMware Avi Load Balancer for hybrid and multi-cloud environments, as the patched vulnerabilities could lead to full system compromise. Security teams must prioritize applying these patches to prevent potential breaches, especially given the history of VMware products being targeted by threat actors.
Technical Details
- CVE-2026-47865: A critical authentication bypass vulnerability discovered by Filip Waeytens, allowing attackers with network access to breach the Avi control plane.
- CVE-2026-47866, 47867, 47868: High-severity flaws identified by Waeytens enabling authentication bypass, arbitrary code execution, and root privilege escalation, requiring network or local access.
- CVE-2026-47870, 47871: High-severity bugs found by Lang Khuong Duy facilitating privilege escalation and directory traversal attacks.
- CVE-2026-47869: A high-severity remote code execution vulnerability jointly reported by both researchers, exploitable by authenticated attackers with network access.
Industry Insight
Organizations should immediately verify their VMware Avi Load Balancer versions and apply the latest security patches to mitigate the risk of control plane breaches. Security monitoring should be enhanced to detect any anomalous authentication attempts or privilege escalation activities, even though no in-the-wild exploits have been confirmed yet.
Disclaimer: The above content is generated by AI and is for reference only.