Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1969+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2026-47868: VMware Avi Load Balancer Local Privilege Escalation
CVE-2026-47868: VMware Avi Load Balancer Local Privilege Escalation
SECURITYHIGHCVE-2026-47868

CVE-2026-47868: VMware Avi Load Balancer Local Privilege Escalation

A local privilege escalation vulnerability in VMware Avi Load Balancer allows malicious local users to execute code as root. Versions 22.x through 32.1.1...

Dylan H.

Security Team

July 19, 2026
2 min read

Affected Products

  • VMware Avi Load Balancer 22.1.x, 30.1.x - 30.2.6, 31.1.x - 31.2.2, 32.1.1

Overview

VMware has disclosed CVE-2026-47868, a local privilege escalation vulnerability in its Avi Load Balancer product. A malicious user with local system access may exploit flaws in the software to escalate their privileges and execute arbitrary code as root.

The vulnerability carries a CVSS v3.1 base score of 7.8 (High) and was published to the NVD on July 18, 2026.

Affected Versions

Version BranchAffected RangeFixed Version
32.x32.1.132.1.2
31.x31.1.1 – 31.2.231.2.2-2p3
30.x30.1.1 – 30.2.630.2.7
22.x22.1.1 and later (branch)See VMware advisory

Technical Details

The vulnerability exists in the local privilege escalation surface of VMware Avi Load Balancer. Specifically, improper access controls or unsafe operations allow a locally authenticated user to gain elevated privileges up to root on the affected system.

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Impact: High Confidentiality, High Integrity, High Availability

Remediation

VMware has released patches to address this vulnerability:

  • 32.x: Upgrade to 32.1.2 or later
  • 31.x: Upgrade to 31.2.2-2p3 or later
  • 30.x: Upgrade to 30.2.7 or later

Administrators should apply the appropriate fix for their version branch as soon as possible.

Mitigation

If immediate patching is not possible:

  • Restrict local access to Avi Load Balancer management nodes to trusted administrators only
  • Audit local user accounts and remove any unnecessary accounts
  • Monitor for unusual privilege escalation activity in system logs
  • Apply principle of least privilege across all service accounts

References

  • NVD Entry — CVE-2026-47868
  • VMware Security Advisory (check Broadcom/VMware security portal for the official advisory)
#Vulnerability#CVE#VMware#Privilege Escalation#Load Balancer

Related Articles

CVE-2026-47870: VMware Avi Load Balancer Authenticated Remote Code Execution

An authenticated privilege escalation flaw in VMware Avi Load Balancer enables network-connected users to execute remote code. CVSS 7.1 High — all...

2 min read

CVE-2026-47871: VMware Avi Load Balancer Directory Traversal

A directory traversal vulnerability in VMware Avi Load Balancer allows authenticated network users to bypass file path validation and access arbitrary...

3 min read

CVE-2026-47866: Authorization Bypass in VMware Avi Load Balancer

A CVSS 8.3 authorization bypass vulnerability in VMware Avi Load Balancer allows low-privileged authenticated users to access restricted Control Plane...

4 min read
Back to all Security Alerts