CVE-2026-47866
VMware · Avi Load Balancer
VMware Avi Load Balancer is affected by an authorization bypass vulnerability that allows authenticated users to perform unauthorized actions.
Executive summary
An authorization bypass vulnerability in VMware Avi Load Balancer could allow an authenticated attacker to compromise system integrity and confidentiality.
Vulnerability
This is an authorization bypass flaw (CWE-863) that allows an authenticated user to perform actions beyond their assigned privileges. The attack requires low privileges and can be executed over the network.
Business impact
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive load balancer configurations and traffic data. With a CVSS score of 8.3, this high-severity flaw poses a significant risk to operational security, potentially resulting in data exfiltration or service disruption.
Remediation
Immediate Action: Review the official Broadcom security advisory and apply the recommended patches for your specific version of the Avi Load Balancer.
Proactive Monitoring: Monitor system access logs for unusual administrative activity or unauthorized attempts to access restricted load balancer functions.
Compensating Controls: Implement strict network segmentation and restrict administrative access to the management interface to trusted IP addresses only.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the high CVSS score and the critical role of load balancers in network infrastructure, immediate patching is essential. Security teams should prioritize identifying affected instances and scheduling maintenance windows to apply the necessary vendor updates to prevent potential unauthorized access.