CVE-2026-47869 in Avi Load Balancerinfo

Summary

by MITRE • 07/18/2026

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code.

Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/18/2026

The VMware Avi Load Balancer remote code execution vulnerability represents a critical security flaw that enables authenticated attackers with network access to execute arbitrary code on affected systems. This vulnerability affects multiple version ranges across different product releases, indicating a persistent issue within the load balancer's architecture that required patching across several major versions. The flaw specifically targets the authentication and input validation mechanisms within the Avi Load Balancer platform, creating a pathway for attackers to bypass security controls and gain unauthorized system access.

The technical nature of this vulnerability stems from inadequate input sanitization and validation processes within the load balancer's web interface and API endpoints. Attackers can exploit this weakness by crafting malicious payloads that leverage the authentication mechanisms to inject code into the system. This type of vulnerability typically falls under CWE-94, which describes "Improper Control of Generation of Code ('Code Injection')" and aligns with ATT&CK technique T1059.001 for command and scripting interpreter. The vulnerability allows for privilege escalation and lateral movement within networks where the load balancer operates, as it requires only network access and valid authentication credentials to exploit.

The operational impact of this vulnerability extends beyond simple code execution capabilities, as it provides attackers with persistent access to critical network infrastructure. Organizations relying on VMware Avi Load Balancer for traffic management and load distribution face significant risks including data breaches, service disruption, and potential compromise of entire network segments. The vulnerability affects systems that handle sensitive traffic and applications, making the attack surface particularly valuable to threat actors. Security teams must consider the implications of this vulnerability across their entire infrastructure, as the load balancer often serves as a crucial gateway for network traffic.

Mitigation strategies should prioritize immediate patching of all affected versions to prevent exploitation. Organizations should implement network segmentation to limit access to load balancer interfaces and enforce strict authentication controls. Monitoring for unusual API activity or unauthorized configuration changes can help detect exploitation attempts. The vulnerability's classification under CWE-284 suggests that improper access control mechanisms are at play, requiring comprehensive review of privilege management and user access controls. Additionally, implementing web application firewalls and network-based intrusion detection systems can provide additional layers of protection against exploitation attempts while organizations await full patch deployment.

Responsible

Vmware

Reservation

05/20/2026

Disclosure

07/18/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!