VMSA-2026-0005: VMware Avi Load Balancer addresses multiple vulnerabilities (CVE-2026-47865, CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871)
37926
14 July 2026
14 July 2026
OPEN
CRITICAL
7.1-9.8
CVE-2026-47865, CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871
|
Advisory ID: |
VMSA-2026-0005 |
|
Advisory Severity: |
Critical |
|
CVSSv3 Range: |
7.1 - 9.8 |
|
Synopsis: |
VMware Avi Load Balancer addresses multiple vulnerabilities (CVE-2026-47865, CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871) |
|
Issue date: |
2026-07-14 |
|
Updated on: |
2026-07-14 (Initial advisory) |
|
CVE(s) |
CVE-2026-47865, CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871 |
1. Impacted Products
- VMware Avi Load Balancer
2. Introduction
Multiple vulnerabilities in Avi Load Balancer were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in the affected Broadcom product.
3a. VMware Avi Load Balancer Authentication Bypass Vulnerability (CVE-2026-47865)
Description:
VMware Avi Load Balancer contains an authentication bypass vulnerability. Broadcom has evaluated the severity of the issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known Attack Vectors:
A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism.
Resolution:
To remediate CVE-2026-47865 apply the software upgrade to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Filip Waeytens (NATO NCSC) for reporting this issue to us.
Notes:
None.
3b. VMware Avi Load Balancer Authentication Bypass Vulnerability (CVE-2026-47866)
Description:
VMware Avi Load Balancer contains an authentication bypass vulnerability. Broadcom has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3.
Known Attack Vectors:
A malicious actor on the network can bypass authentication to access a limited subset of the Avi Control Plane.
Resolution:
To remediate CVE-2026-47866 apply the software upgrade to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Filip Waeytens (NATO NCSC) for reporting this issue to us.
Notes:
None.
3c. VMware Avi Load Balancer Remote Code Execution Vulnerability (CVE-2026-47867)
Description:
VMware Avi Load Balancer contains a remote code execution vulnerability. Broadcom has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.7.
Known Attack Vectors:
A malicious user with network access may be able to access the Avi Control plane and execute code remotely.
Resolution:
To remediate CVE-2026-47867 apply the software upgrade to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Filip Waeytens (NATO NCSC) for reporting this issue to us.
Notes:
None.
3d. VMware Avi Load Balancer Local Privilege Escalation Vulnerability (CVE-2026-47868)
Description:
VMware Avi Load Balancer contains a local privilege escalation vulnerability. Broadcom has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors:
A malicious user with local access may be able to escalate their privileges to run code as root.
Resolution:
To remediate CVE-2026-47868 apply the software upgrade to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Filip Waeytens (NATO NCSC) for reporting this issue to us.
Notes:
None.
3e. VMware Avi Load Balancer Remote Code Execution Vulnerability (CVE-2026-47869)
Description:
VMware Avi Load Balancer contains a remote code execution vulnerability. Broadcom has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.7.
Known Attack Vectors:
A malicious authenticated user with network access may be able to inject and execute code.
Resolution:
To remediate CVE-2026-47869 apply the software upgrade to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Filip Waeytens (NATO NCSC) and Lang Khuong Duy (Viettel IDC) for reporting this issue to us.
Notes:
None.
3f. VMware Avi Load Balancer Privilege Escalation Vulnerability (CVE-2026-47870)
Description:
VMware Avi Load Balancer contains a privilege escaltion vulnerability. Broadcom has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors:
A malicious authenticated user with network access may be able to execute remote code.
Resolution:
To remediate CVE-2026-47870 apply the software upgrade to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Lang Khuong Duy (Viettel IDC) for reporting this issue to us.
Notes:
None.
3g. VMware Avi Load Balancer Directory Traversal Vulnerability (CVE-2026-47871)
Description:
VMware Avi Load Balancer contains a directory traversal vulnerability. Broadcom has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.
Known Attack Vectors:
Flaws in file path validation allow malicious, authenticated network users to perform directory traversal attacks.
Resolution:
To remediate CVE-2026-47871 apply the software upgrade to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Lang Khuong Duy (Viettel IDC) for reporting this issue to us.
Notes:
None
Response Matrix:
|
Product |
Version |
Running On |
CVE |
CVSSv3 |
Severity |
Fixed Version |
Workarounds |
Additional Documents |
|
VMware Avi Load Balancer |
32.1.1 |
Any |
CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871 |
Important |
32.1.2 |
None |
None |
|
|
VMware Avi Load Balancer |
31.1.1 - 31.2.2 |
Any |
CVE-2026-47865, CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871 |
Critical |
[1] 31.2.2-2p3 |
None |
None |
|
|
VMware Avi Load Balancer |
30.2.1- 30.2.6 |
Any |
CVE-2026-47865, CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871 |
Critical |
[1] 30.2.7 |
None |
None |
|
|
VMware Avi Load Balancer |
22.1.1- 22.1.7 |
Any |
CVE-2026-47865, CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47869, CVE-2026-47870, CVE-2026-47871 |
Critical |
[1] 30.2.7 |
None |
None |
[1] VMware Avi Load Balancer 32.1.2 is the recommended version, which is also the most recent version currently available.
4. References:
Fixed Version(s) and Release Notes:
VMware Avi Load Balancer 32.1.2
VMware Avi Load Balancer 31.2.2-2-p3
VMware Avi Load Balancer 30.2.7
Additional Documentation:
Version 22.1.x must be upgraded to at least 30.2.7 or later.
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47871
FIRST CVSSv3 Calculator:
CVE-2026-47865
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-47866
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2026-47867
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE-2026-47868
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2026-47869
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE-2026-47870
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2026-47871
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log:
2026-07-14: VMSA-2026-0005
Initial security advisory.
6. Contact:
E-mail: [email protected]
PGP key
https://knowledge.broadcom.com/external/article/321551
VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories
VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response
VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle
VMware Security Blog
https://blogs.vmware.com/security
X
https://x.com/VMwareSRC
Copyright 2026 Broadcom All rights reserved.