VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a limited subset of the Avi Control Plane without proper authorization.
Affected versions:
32.1.1 (fixed in 32.1.2)
31.1.1 through 31.2.2 (fixed in 31.2.2-2p3)
30.1.1 through 30.2.6 (fixed in 30.2.7)
22.1.1 through 22.1.7 (fixed in 30.2.7)
Metrics
Affected Vendors & Products
References
History
Sat, 18 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a limited subset of the Avi Control Plane without proper authorization. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7) | |
| Title | VMware Avi Load Balancer Authorization Bypass Vulnerability | |
| Weaknesses | CWE-863 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-07-18T08:57:08.170Z
Reserved: 2026-05-20T10:00:57.077Z
Link: CVE-2026-47866
No data.
No data.
No data.
OpenCVE Enrichment
No data.