Summary
Broadcom patched seven vulnerabilities in VMware Avi Load Balancer, including a critical authentication bypass (CVE-2026-47865) that allows unauthenticated network attackers to take over the control plane. The updates also fix flaws enabling remote code execution, privilege escalation, and directory traversal across multiple software versions.
Take Action:
If you use VMware Avi Load Balancer, make sure its management interface is isolated from the internet and reachable only from trusted admin networks. A flaw lets attackers take it over without any password. Then update ASAP to the patched versions (32.1.2, 31.2.2-2p3, or 30.2.7).
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)