All CosmicBytez Labs articles tagged #Broadcom, across news, security advisories, how-to guides, and projects.
A CVSS 9.8 authentication bypass vulnerability allows unauthenticated remote attackers to gain full access to the VMware Avi Load Balancer Control Plane. Broadcom has released patches across all affected version branches.
A CVSS 8.3 authorization bypass vulnerability in VMware Avi Load Balancer allows low-privileged authenticated users to access restricted Control Plane resources without proper authorization. Patch to 30.2.7, 31.2.2-2p3, or 32.1.2.
A CVSS 8.7 code injection vulnerability in VMware Avi Load Balancer enables high-privileged authenticated attackers to execute arbitrary code on the Control Plane, with scope change impact extending beyond the vulnerable component.
Broadcom discloses a second CVSS 8.7 code injection vulnerability in VMware Avi Load Balancer. CVE-2026-47869 shares the same vector and impact as CVE-2026-47867, indicating a distinct injection point within the same component requiring the same patches.
CISA has added CVE-2026-22719, a high-severity command injection vulnerability in VMware Aria Operations allowing unauthenticated remote code execution,...