Heise.De
Critical Vulnerabilities in VMware Avi Load Balancer Allow Authentication Bypass
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Broadcom has disclosed multiple vulnerabilities in VMware's Avi Load Balancer, including critical flaws that allow attackers to bypass authentication. The most severe vulnerability, CVE-2026-47865, has a CVSS score of 9.8 and enables unauthorized access to the Avi Controller interface. Other vulnerabilities include CVE-2026-47866, which allows unauthorized access to settings, and CVE-2026-47867, which permits remote code execution. These vulnerabilities affect various versions of the Avi Load Balancer, with patches available in versions 30.2.7 and above. Users are urged to upgrade from vulnerable versions 22.1.1 to 22.1.7. The vulnerabilities were reported by Filip Waeytens from NATO NCSC. Broadcom's advisory emphasizes the critical nature of these flaws, highlighting the potential for significant security breaches.
Key Points: • CVE-2026-47865 allows authentication bypass with a CVSS score of 9.8. • Multiple vulnerabilities affect VMware Avi Load Balancer, with several rated high risk. • Patches are available for affected versions; users are urged to upgrade immediately.