Improper Authentication in VMware Avi Load Balancer - CVE-2026-47865

 

Improper Authentication in VMware Avi Load Balancer - CVE-2026-47865

Published: July 14, 2026


Vulnerability identifier: #VU137515
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-47865
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Avi Load Balancer

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication and access the Avi Control plane.

The vulnerability exists due to improper authentication in the authentication mechanism when handling network requests to the Avi Control plane. A remote attacker can send crafted requests to bypass authentication and access the Avi Control plane.


How to mitigate CVE-2026-47865

Install security update from vendor's website.

Sources