HPE Aruba Networking Fabric Composerâ CVE-2026-23592
HIGHSeverity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
AnalysisAI
HPE Aruba Networking Fabric Composer's backup functionality contains insecure file operations that permit authenticated users to execute arbitrary OS commands, resulting in remote code execution on affected systems. An attacker with valid credentials could leverage this vulnerability to gain full system compromise through the backup restoration process. No patch is currently available to remediate this high-severity flaw.
Technical ContextAI
Classified as CWE-78 (OS Command Injection). Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
Affected ProductsAI
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code e
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today