Skip to main content

Hpe Aruba Networking Wireless Operating System Aos CVE-2026-44870

| EUVDEUVD-2026-29820 HIGH
Command Injection (CWE-77)
2026-05-12 hpe GHSA-49xw-4vmp-5jg9
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 12, 2026 - 19:16 nvd
HIGH 7.2

DescriptionCVE.org

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Analysis

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

CVE-2026-23827 HIGH
7.5 May 12

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow a

CVE-2026-23826 HIGH
7.5 May 12

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker

CVE-2026-23825 HIGH
7.5 May 12

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke

CVE-2026-23824 HIGH
7.5 May 12

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke

CVE-2026-44854 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44853 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44872 HIGH
7.2 May 12

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Su

CVE-2026-44869 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44868 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44867 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44866 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44865 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

Share

CVE-2026-44870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy