PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47871 VMware CVE debrief

A directory traversal vulnerability exists in VMware Avi Load Balancer, allowing malicious, authenticated network users to perform directory traversal attacks due to flaws in file path validation. This issue affects various versions of VMware Avi Load Balancer, including 32.1.1, 31.1.1 through 31.2.2, 30.1.1 through 30.2.6, and 22.1.1 through 22.1.7. Users of these versions should apply patches to prevent directory traversal attacks. The vulnerability is caused by inadequate file path validation, and affected versions have been fixed in 32.1.2, 31.2.2-2p3, 30.2.7, and 30.2.7 respectively.

Vendor
VMware
Product
Avi Load Balancer
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-18
Original CVE updated
2026-07-18
Advisory published
2026-07-18
Advisory updated
2026-07-18

Who should care

Users of VMware Avi Load Balancer versions 32.1.1, 31.1.1 through 31.2.2, 30.1.1 through 30.2.6, and 22.1.1 through 22.1.7 should apply patches to prevent directory traversal attacks. System administrators, security teams, and IT professionals responsible for managing and securing VMware Avi Load Balancer deployments should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability, CVE-2026-47871, is caused by inadequate file path validation in VMware Avi Load Balancer. This allows authenticated network users to perform directory traversal attacks. Affected versions include 32.1.1 (fixed in 32.1.2), 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3), 30.1.1 through 30.2.6 (fixed in 30.2.7), and 22.1.1 through 22.1.7 (fixed in 30.2.7). The issue allows malicious users to traverse directories, potentially leading to unauthorized access and data breaches.

Defensive priority

High

Recommended defensive actions

  • Apply patches for affected VMware Avi Load Balancer versions
  • Restrict access to sensitive areas of the system
  • Monitor system logs for suspicious activity
  • Verify system configurations and user permissions
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-18T09:17:08.960Z and has not been modified since then. The NVD entry is currently 8.8 HIGH. Limited information is available about the vulnerability's impact and exploitation. The CVE record and NVD entry provide official details about the vulnerability, but additional information from other sources may be necessary to fully understand the issue.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T09:17:08.960Z and has not been modified since then.