Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1961+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2026-47865: Critical Authentication Bypass in VMware Avi Load Balancer
CVE-2026-47865: Critical Authentication Bypass in VMware Avi Load Balancer

Critical Security Alert

This vulnerability is actively being exploited. Immediate action is recommended.

SECURITYCRITICALCVE-2026-47865

CVE-2026-47865: Critical Authentication Bypass in VMware Avi Load Balancer

A CVSS 9.8 authentication bypass vulnerability allows unauthenticated remote attackers to gain full access to the VMware Avi Load Balancer Control Plane. Broadcom has released patches across all affected version branches.

Dylan H.

Security Team

July 18, 2026
3 min read

Affected Products

  • VMware Avi Load Balancer 22.1.1–22.1.7, 30.1.1–30.2.6, 31.1.1–31.2.2

Overview

Broadcom disclosed a critical authentication bypass vulnerability in VMware Avi Load Balancer on July 18, 2026. Tracked as CVE-2026-47865 with a CVSS score of 9.8 (Critical), the flaw allows any malicious user with network access to completely circumvent authentication and gain unrestricted access to the Avi Control Plane—with no credentials required.

This is the most severe of four vulnerabilities disclosed simultaneously in the same product. Successful exploitation grants an attacker full confidentiality, integrity, and availability impact over the Control Plane.

Technical Details

AttributeValue
CVE IDCVE-2026-47865
CVSS Score9.8 (Critical)
CVSS VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWECWE-287 — Improper Authentication
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone

The vulnerability is classified as CWE-287 (Improper Authentication), meaning the application fails to properly verify the identity of users before granting access to protected functionality. An unauthenticated attacker on the same network segment—or reachable via a publicly exposed Control Plane interface—can exploit this flaw without any prior knowledge of credentials or system state.

Affected Versions

Version RangeStatusPatched Version
22.1.1 – 22.1.7VulnerableUpgrade to 30.2.7
30.1.1 – 30.2.6VulnerableUpgrade to 30.2.7
31.1.1 – 31.2.2VulnerableUpgrade to 31.2.2-2p3

Version 32.1.x is not affected by this specific CVE.

Risk Assessment

The combination of no authentication requirement, low attack complexity, and full CIA impact makes CVE-2026-47865 a top-priority remediation target. The VMware Avi Load Balancer Control Plane is the administrative hub for managing application delivery infrastructure—gaining access to it allows an attacker to:

  • Reconfigure load balancing rules and routing policies
  • Intercept or redirect application traffic
  • Pivot to backend application servers
  • Leverage companion RCE vulnerabilities (CVE-2026-47867, CVE-2026-47869) for code execution

In environments where the Control Plane is network-accessible (even internally), this flaw represents an immediate lateral movement and privilege escalation risk.

Remediation

Broadcom has released patches addressing this vulnerability. There are no documented workarounds—upgrading is the only remediation.

Upgrade path:

  • If running 22.1.x or 30.1.x–30.2.6: upgrade to 30.2.7
  • If running 31.1.x–31.2.2: upgrade to 31.2.2-2p3

The full advisory is available via the Broadcom Support Portal (authentication required). Organizations running older, end-of-life 22.1.x branches should treat the required jump to 30.2.7 as an urgent upgrade rather than a patch.

Recommendations

  1. Audit exposure immediately: Determine whether your Avi Control Plane is accessible from untrusted network segments or the internet. If so, restrict access with firewall rules while patching.
  2. Prioritize this patch: With a CVSS of 9.8 and no privileges required, this should be treated as a P0 remediation item.
  3. Apply all four patches together: This CVE was disclosed alongside three other vulnerabilities (CVE-2026-47866, CVE-2026-47867, CVE-2026-47869) in the same product. Apply the full patch bundle rather than cherry-picking.
  4. Review access logs: If patching is delayed, review Control Plane authentication logs for anomalous or unauthenticated access attempts.

References

  • NVD Entry — CVE-2026-47865
  • Broadcom Support Portal Advisory (authentication required)
#VMware#Avi Load Balancer#Authentication Bypass#Critical Vulnerability#Broadcom#CVE

Related Articles

CVE-2026-47866: Authorization Bypass in VMware Avi Load Balancer

A CVSS 8.3 authorization bypass vulnerability in VMware Avi Load Balancer allows low-privileged authenticated users to access restricted Control Plane resources without proper authorization. Patch to 30.2.7, 31.2.2-2p3, or 32.1.2.

4 min read

CVE-2026-47867: Remote Code Execution via Code Injection in VMware Avi Load Balancer

A CVSS 8.7 code injection vulnerability in VMware Avi Load Balancer enables high-privileged authenticated attackers to execute arbitrary code on the Control Plane, with scope change impact extending beyond the vulnerable component.

3 min read

CVE-2026-47869: Second RCE Code Injection Path in VMware Avi Load Balancer

Broadcom discloses a second CVSS 8.7 code injection vulnerability in VMware Avi Load Balancer. CVE-2026-47869 shares the same vector and impact as CVE-2026-47867, indicating a distinct injection point within the same component requiring the same patches.

4 min read
Back to all Security Alerts