All incidents

VMware Avi Load Balancer authentication bypass flaw (CVE-2026-47865) patched

vulnerabilityopenJul 14, 2026 — Jul 14, 2026
Broadcom patches Avi Load Balancer auth bypass CVE-2026-47865

BROADCOM has released patches for the VMware Avi Load Balancer addressing seven vulnerabilities. The most serious flaw is CVE‑2026‑47865, an authentication bypass that lets an unauthenticated network attacker reach the Avi control plane.

CVE‑2026‑47865 carries a CVSS score of 9.8, reflecting its potential to grant full control without any credentials. The advisory also notes code execution flaws and privilege elevation issues that could be chained with the bypass. Affected releases span from 22.1.1 through 31.2.6, while version 32.1.2 contains the fixes.

Broadcom states there are no workarounds, so upgrading is the only remediation path. The flaws were reported by researchers Filip Waeytens and Lang Khuong Duy, who rated several of them high severity. Exploitation requires either network reachability to the management port or local access to the underlying host.

To date, no exploitation of CVE‑2026‑47865 has been observed in the wild and the vulnerability does not appear in the CISA Known Exploited Vulnerabilities catalogue. SecurityOnline reports that no threat actor has been linked to the issue, but the absence of detected attacks does not guarantee safety for exposed instances.

Administrators should first verify the current Avi Load Balancer version running in their environment. If the build is older than 32.1.2, they should plan an upgrade during the next maintenance window, following Broadcom’s upgrade guide. Where immediate patching is not feasible, limiting network access to the management interface to trusted addresses and enabling strong authentication can reduce risk. Monitoring logs for repeated authentication failures or unexpected control plane requests is also advised.

Keeping an accurate inventory of load balancers and subscribing to vendor security notifications helps ensure future patches are applied promptly. Testing updates in a non‑production cluster before rollout can prevent service disruption while maintaining protection against chained attacks that combine authentication bypass with code execution.

Intelligence briefing updated Jul 14, 2026

CVE-2026-47865
Root sourcesupport.broadcom.com
Timeline Coverage

Swipe to explore timeline