Overview
VMware has disclosed CVE-2026-47868, a local privilege escalation vulnerability in its Avi Load Balancer product. A malicious user with local system access may exploit flaws in the software to escalate their privileges and execute arbitrary code as root.
The vulnerability carries a CVSS v3.1 base score of 7.8 (High) and was published to the NVD on July 18, 2026.
Affected Versions
| Version Branch | Affected Range | Fixed Version |
|---|---|---|
| 32.x | 32.1.1 | 32.1.2 |
| 31.x | 31.1.1 – 31.2.2 | 31.2.2-2p3 |
| 30.x | 30.1.1 – 30.2.6 | 30.2.7 |
| 22.x | 22.1.1 and later (branch) | See VMware advisory |
Technical Details
The vulnerability exists in the local privilege escalation surface of VMware Avi Load Balancer. Specifically, improper access controls or unsafe operations allow a locally authenticated user to gain elevated privileges up to root on the affected system.
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Impact: High Confidentiality, High Integrity, High Availability
Remediation
VMware has released patches to address this vulnerability:
- 32.x: Upgrade to 32.1.2 or later
- 31.x: Upgrade to 31.2.2-2p3 or later
- 30.x: Upgrade to 30.2.7 or later
Administrators should apply the appropriate fix for their version branch as soon as possible.
Mitigation
If immediate patching is not possible:
- Restrict local access to Avi Load Balancer management nodes to trusted administrators only
- Audit local user accounts and remove any unnecessary accounts
- Monitor for unusual privilege escalation activity in system logs
- Apply principle of least privilege across all service accounts
References
- NVD Entry — CVE-2026-47868
- VMware Security Advisory (check Broadcom/VMware security portal for the official advisory)