CVE-2026-47867 in Avi Load Balancerinfo

Summary

by MITRE • 07/18/2026

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely.

Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/18/2026

The VMware Avi Load Balancer remote code execution vulnerability represents a critical security flaw that undermines the integrity of network infrastructure components. This vulnerability resides within the Avi Control plane system which serves as the central management and orchestration component for load balancing operations across enterprise networks. The affected versions span multiple release branches including 32.1.1, 31.1.1 through 31.2.2, 30.1.1 through 30.2.6, and 22.1.1 through 22.1.7, indicating a widespread issue that affects various generations of the Avi Load Balancer software stack. The vulnerability allows malicious actors with network access to gain unauthorized execution privileges within the control plane environment, fundamentally compromising the security posture of organizations relying on this load balancing solution.

Technical exploitation of this vulnerability stems from insufficient input validation and privilege escalation mechanisms within the Avi Control plane's authentication and authorization framework. The flaw enables attackers to craft specially crafted requests that bypass normal security controls and execute arbitrary code with elevated privileges. This typically occurs through manipulation of API endpoints or configuration interfaces that lack proper access controls and sanitization measures. The vulnerability aligns with CWE-20, which describes improper input validation issues that can lead to various security consequences including remote code execution. Attackers can leverage this weakness to establish persistent access, escalate privileges, and potentially move laterally within the network infrastructure where the load balancer operates.

The operational impact of this vulnerability extends beyond immediate system compromise to encompass significant business disruption and data exposure risks. Organizations utilizing affected Avi Load Balancer versions face potential denial of service conditions, unauthorized access to sensitive network traffic, and complete control over load balancing decisions that can affect application availability. The attack surface includes not only direct exploitation but also indirect consequences such as compromised SSL termination capabilities, altered traffic routing decisions, and potential data interception attacks. This vulnerability directly maps to several ATT&CK techniques including T1059 for command and script injection, T1078 for valid accounts usage, and T1566 for phishing attacks that may be used to initially gain network access before exploiting the load balancer vulnerability.

Organizations must implement immediate mitigation strategies including patching affected systems to the latest available versions as specified in the vendor advisories. The recommended remediation approach involves upgrading all affected Avi Load Balancer instances to versions 32.1.2, 31.2.2-2p3, 30.2.7, or 22.1.8 respectively, depending on the current version in use. Network segmentation and access control measures should be enhanced to limit network access to Avi Control plane interfaces to authorized personnel only. Monitoring solutions should be configured to detect unusual API activity patterns that may indicate exploitation attempts. Additionally, organizations should conduct comprehensive vulnerability assessments of their load balancing infrastructure and implement network-based intrusion detection systems to identify potential exploitation attempts. The remediation process must include thorough testing of patched environments to ensure compatibility with existing configurations while maintaining operational continuity.

Responsible

Vmware

Reservation

05/20/2026

Disclosure

07/18/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!