Description
VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism.
Affected versions:
31.1.1 through 31.2.2 (fixed in 31.2.2-2p3)
30.1.1 through 30.2.6 (fixed in 30.2.7)
22.1.1 through 22.1.7 (fixed in 30.2.7)
Affected versions:
31.1.1 through 31.2.2 (fixed in 31.2.2-2p3)
30.1.1 through 30.2.6 (fixed in 30.2.7)
22.1.1 through 22.1.7 (fixed in 30.2.7)
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Sat, 18 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism. Affected versions: 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7) | |
| Title | VMware Avi Load Balancer Authentication Bypass Vulnerability | |
| Weaknesses | CWE-287 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-07-18T08:57:05.890Z
Reserved: 2026-05-20T10:00:57.076Z
Link: CVE-2026-47865
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses