CVE-2026-47869 in Avi Load Balancer
Summary
by MITRE • 07/18/2026
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code.
Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/18/2026
The VMware Avi Load Balancer remote code execution vulnerability represents a critical security flaw that enables authenticated attackers with network access to execute arbitrary code on affected systems. This vulnerability affects multiple version ranges across different product releases, indicating a persistent issue within the load balancer's architecture that required patching across several major versions. The flaw specifically targets the authentication and input validation mechanisms within the Avi Load Balancer platform, creating a pathway for attackers to bypass security controls and gain unauthorized system access.
The technical nature of this vulnerability stems from inadequate input sanitization and validation processes within the load balancer's web interface and API endpoints. Attackers can exploit this weakness by crafting malicious payloads that leverage the authentication mechanisms to inject code into the system. This type of vulnerability typically falls under CWE-94, which describes "Improper Control of Generation of Code ('Code Injection')" and aligns with ATT&CK technique T1059.001 for command and scripting interpreter. The vulnerability allows for privilege escalation and lateral movement within networks where the load balancer operates, as it requires only network access and valid authentication credentials to exploit.
The operational impact of this vulnerability extends beyond simple code execution capabilities, as it provides attackers with persistent access to critical network infrastructure. Organizations relying on VMware Avi Load Balancer for traffic management and load distribution face significant risks including data breaches, service disruption, and potential compromise of entire network segments. The vulnerability affects systems that handle sensitive traffic and applications, making the attack surface particularly valuable to threat actors. Security teams must consider the implications of this vulnerability across their entire infrastructure, as the load balancer often serves as a crucial gateway for network traffic.
Mitigation strategies should prioritize immediate patching of all affected versions to prevent exploitation. Organizations should implement network segmentation to limit access to load balancer interfaces and enforce strict authentication controls. Monitoring for unusual API activity or unauthorized configuration changes can help detect exploitation attempts. The vulnerability's classification under CWE-284 suggests that improper access control mechanisms are at play, requiring comprehensive review of privilege management and user access controls. Additionally, implementing web application firewalls and network-based intrusion detection systems can provide additional layers of protection against exploitation attempts while organizations await full patch deployment.