CVE-2026-47867

VMware · Avi Load Balancer

VMware Avi Load Balancer is vulnerable to a remote code execution flaw that allows an authenticated attacker with high privileges to inject and execute arbitrary code.

Executive summary

A critical remote code execution vulnerability in VMware Avi Load Balancer allows high-privileged attackers to gain control over the system.

Vulnerability

This is a code injection vulnerability (CWE-94) that permits remote code execution. The vulnerability requires the attacker to possess high privileges, meaning the attacker must already be authenticated to the administrative interface to perform the attack.

Business impact

An attacker who successfully exploits this vulnerability can achieve remote code execution, granting them full control over the load balancer. Given the critical position of load balancers in network architecture, this access could lead to total compromise of traffic, data interception, and lateral movement into the backend network. The CVSS score of 8.7 reflects the severe impact on system integrity and confidentiality.

Remediation

Immediate Action: Apply the vendor-provided security patches immediately, prioritizing systems that are internet-facing.

Proactive Monitoring: Monitor management interface access logs for unauthorized administrative activity or unusual command execution patterns.

Compensating Controls: Restrict access to the management console of the Avi Load Balancer to specific, secure jump hosts or VPN-only access to prevent unauthorized administrative login.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The severity of this remote code execution vulnerability necessitates immediate remediation. Administrative teams should ensure that all instances of the Avi Load Balancer are updated to a secure version and verify that administrative access is restricted to authorized personnel only to minimize the risk of exploitation.