PatchSiren cyber security CVE debrief
CVE-2026-47871 VMware CVE debrief
A directory traversal vulnerability exists in VMware Avi Load Balancer, allowing malicious, authenticated network users to perform directory traversal attacks due to flaws in file path validation. This issue affects various versions of VMware Avi Load Balancer, including 32.1.1, 31.1.1 through 31.2.2, 30.1.1 through 30.2.6, and 22.1.1 through 22.1.7. Users of these versions should apply patches to prevent directory traversal attacks. The vulnerability is caused by inadequate file path validation, and affected versions have been fixed in 32.1.2, 31.2.2-2p3, 30.2.7, and 30.2.7 respectively.
- Vendor
- VMware
- Product
- Avi Load Balancer
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-18
- Original CVE updated
- 2026-07-18
- Advisory published
- 2026-07-18
- Advisory updated
- 2026-07-18
Who should care
Users of VMware Avi Load Balancer versions 32.1.1, 31.1.1 through 31.2.2, 30.1.1 through 30.2.6, and 22.1.1 through 22.1.7 should apply patches to prevent directory traversal attacks. System administrators, security teams, and IT professionals responsible for managing and securing VMware Avi Load Balancer deployments should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability, CVE-2026-47871, is caused by inadequate file path validation in VMware Avi Load Balancer. This allows authenticated network users to perform directory traversal attacks. Affected versions include 32.1.1 (fixed in 32.1.2), 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3), 30.1.1 through 30.2.6 (fixed in 30.2.7), and 22.1.1 through 22.1.7 (fixed in 30.2.7). The issue allows malicious users to traverse directories, potentially leading to unauthorized access and data breaches.
Defensive priority
High
Recommended defensive actions
- Apply patches for affected VMware Avi Load Balancer versions
- Restrict access to sensitive areas of the system
- Monitor system logs for suspicious activity
- Verify system configurations and user permissions
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-18T09:17:08.960Z and has not been modified since then. The NVD entry is currently 8.8 HIGH. Limited information is available about the vulnerability's impact and exploitation. The CVE record and NVD entry provide official details about the vulnerability, but additional information from other sources may be necessary to fully understand the issue.
Official resources
-
CVE-2026-47871 CVE record
CVE.org
-
CVE-2026-47871 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T09:17:08.960Z and has not been modified since then.