CVE-2026-47869

VMware · Avi Load Balancer

VMware Avi Load Balancer contains a remote code execution vulnerability that allows an authenticated attacker with high privileges to inject and execute arbitrary code.

Executive summary

A remote code execution vulnerability in VMware Avi Load Balancer allows high-privileged attackers to achieve system-level code execution.

Vulnerability

This is a code injection vulnerability (CWE-94) that enables remote code execution. The vulnerability is restricted to users who have already gained high-privileged access to the administrative interface of the load balancer.

Business impact

Successful exploitation allows an attacker to execute arbitrary code with elevated privileges on the Avi Load Balancer. This could lead to a complete compromise of the load balancer, enabling the attacker to intercept or manipulate network traffic, bypass security controls, and gain deeper access to the organization's internal infrastructure. The CVSS score of 8.7 underscores the critical nature of this vulnerability.

Remediation

Immediate Action: Apply the latest security patches provided by the vendor to all affected Avi Load Balancer instances.

Proactive Monitoring: Audit administrative logs for suspicious configuration changes or unauthorized command execution events.

Compensating Controls: Enforce strict access control policies on the management interface, ensuring that only trusted administrators can access the console.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Security teams must treat this vulnerability with high urgency. Patching the Avi Load Balancer is essential to prevent potential code injection attacks, and organizations should review their administrative access policies to ensure that only necessary personnel have the privileges required to reach the vulnerable management functions.