Skip to main content

Hpe Aruba Networking Wireless Operating System Aos CVE-2026-44852

| EUVDEUVD-2026-29802 HIGH
Improper Following of a Certificate's Chain of Trust (CWE-296)
2026-05-12 hpe GHSA-5wfp-54cp-mj7h
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 12, 2026 - 18:55 nvd
HIGH 7.2

DescriptionCVE.org

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

Analysis

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

CVE-2026-23827 HIGH
7.5 May 12

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow a

CVE-2026-23826 HIGH
7.5 May 12

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker

CVE-2026-23825 HIGH
7.5 May 12

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke

CVE-2026-23824 HIGH
7.5 May 12

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke

CVE-2026-44854 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44853 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44872 HIGH
7.2 May 12

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Su

CVE-2026-44870 HIGH
7.2 May 12

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS

CVE-2026-44869 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44868 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44867 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44866 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

Share

CVE-2026-44852 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy