Broadcom announced patches for seven vulnerabilities in VMware Avi Load Balancer, including critical authentication bypass and remote code execution issues. Organizations are advised to update promptly to prevent potential exploitation, especially as VMware flaws have been targeted in past attacks.
Broadcom has announced that VMware Avi Load Balancer has been updated to address seven serious vulnerabilities. Among them are critical authentication bypass issues and high-severity flaws allowing arbitrary code execution and privilege escalation.
Two external researchers, Filip Waeytens and Lang Khuong Duy, reported these vulnerabilities following security assessments.
CVE-2026-47865, discovered by Filip Waeytens, is a critical authentication bypass vulnerability that could let attackers breach the Avi control plane.
Waeytens also found three additional high-severity vulnerabilities: CVE-2026-47866, CVE-2026-47867, and CVE-2026-47868, which involve bypassing authentication, executing arbitrary code, and escalating privileges. These require either network or local access for exploitation.
Lang Khuong Duy identified two more high-severity vulnerabilities: CVE-2026-47871 for directory traversal attacks and CVE-2026-47870 for privilege escalation.
The advisory from Broadcom states there are currently no reported in-the-wild exploitations of these vulnerabilities. However, the company emphasizes the critical nature of installing the latest updates to mitigate risks.
Given the history of attacks targeting VMware products, organizations should prioritize these updates.
With seven vulnerabilities patched in VMware Avi Load Balancer, it is essential for organizations to remain vigilant and apply updates promptly. The nature of these vulnerabilities highlights the need for ongoing security assessments and monitoring of enterprise environments.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Broadcom announced patches for seven vulnerabilities in VMware Avi Load Balancer, including critical authentication bypass and remote code execution issues. Organizations are advised to update promptly to prevent potential exploitation, especially as VMware flaws have been targeted in past attacks.