CVE-2026-47866

VMware · Avi Load Balancer

VMware Avi Load Balancer is affected by an authorization bypass vulnerability that allows authenticated users to perform unauthorized actions.

Executive summary

An authorization bypass vulnerability in VMware Avi Load Balancer could allow an authenticated attacker to compromise system integrity and confidentiality.

Vulnerability

This is an authorization bypass flaw (CWE-863) that allows an authenticated user to perform actions beyond their assigned privileges. The attack requires low privileges and can be executed over the network.

Business impact

Successful exploitation of this vulnerability can lead to unauthorized access to sensitive load balancer configurations and traffic data. With a CVSS score of 8.3, this high-severity flaw poses a significant risk to operational security, potentially resulting in data exfiltration or service disruption.

Remediation

Immediate Action: Review the official Broadcom security advisory and apply the recommended patches for your specific version of the Avi Load Balancer.

Proactive Monitoring: Monitor system access logs for unusual administrative activity or unauthorized attempts to access restricted load balancer functions.

Compensating Controls: Implement strict network segmentation and restrict administrative access to the management interface to trusted IP addresses only.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the high CVSS score and the critical role of load balancers in network infrastructure, immediate patching is essential. Security teams should prioritize identifying affected instances and scheduling maintenance windows to apply the necessary vendor updates to prevent potential unauthorized access.