CVE-2026-47865
VMware · Avi Load Balancer
VMware Avi Load Balancer is vulnerable to an authentication bypass, allowing unauthenticated attackers with network access to compromise the Avi Control plane.
Executive summary
A critical authentication bypass vulnerability in VMware Avi Load Balancer enables unauthenticated attackers to gain unauthorized access to the control plane, posing a severe risk to infrastructure.
Vulnerability
The vulnerability is an improper authentication flaw (CWE-287) in the Avi Control plane. The flaw allows an unauthenticated remote attacker to bypass authentication mechanisms entirely, granting full control over the load balancer.
Business impact
Successful exploitation allows an attacker to gain unauthorized administrative access to the load balancer, which serves as a central point for managing network traffic. This could lead to full system compromise, interception or manipulation of sensitive traffic, and significant service disruption. Given the CVSS score of 9.8, this vulnerability is classified as critical and requires immediate attention to prevent unauthorized administrative control.
Remediation
Immediate Action: Upgrade to the patched versions as specified by the vendor: 31.2.2-2p3 for the 31.x branch, or 30.2.7 for the 30.x and 22.x branches.
Proactive Monitoring: Monitor management interface access logs for unauthorized login attempts or unusual patterns originating from unexpected IP addresses.
Compensating Controls: Restrict network access to the Avi Control plane interface to trusted management subnets using network firewalls or ACLs until patching can be completed.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability represents a critical risk to the availability and integrity of your network infrastructure. Administrators should prioritize patching the Avi Load Balancer immediately and verify that access to control plane interfaces is restricted to authorized personnel only.