CVE-2026-47869
VMware · Avi Load Balancer
VMware Avi Load Balancer contains a remote code execution vulnerability that allows an authenticated attacker with high privileges to inject and execute arbitrary code.
Executive summary
A remote code execution vulnerability in VMware Avi Load Balancer allows high-privileged attackers to achieve system-level code execution.
Vulnerability
This is a code injection vulnerability (CWE-94) that enables remote code execution. The vulnerability is restricted to users who have already gained high-privileged access to the administrative interface of the load balancer.
Business impact
Successful exploitation allows an attacker to execute arbitrary code with elevated privileges on the Avi Load Balancer. This could lead to a complete compromise of the load balancer, enabling the attacker to intercept or manipulate network traffic, bypass security controls, and gain deeper access to the organization's internal infrastructure. The CVSS score of 8.7 underscores the critical nature of this vulnerability.
Remediation
Immediate Action: Apply the latest security patches provided by the vendor to all affected Avi Load Balancer instances.
Proactive Monitoring: Audit administrative logs for suspicious configuration changes or unauthorized command execution events.
Compensating Controls: Enforce strict access control policies on the management interface, ensuring that only trusted administrators can access the console.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Security teams must treat this vulnerability with high urgency. Patching the Avi Load Balancer is essential to prevent potential code injection attacks, and organizations should review their administrative access policies to ensure that only necessary personnel have the privileges required to reach the vulnerable management functions.