Skip to main content

Hpe Aruba Networking Wireless Operating System Aos CVE-2026-44874

| EUVDEUVD-2026-29823 MEDIUM
Improper Access Control (CWE-284)
2026-05-12 hpe GHSA-hcvx-68gw-vvxp
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 12, 2026 - 19:19 nvd
MEDIUM 4.9

DescriptionCVE.org

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

Analysis

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

CVE-2026-23827 HIGH
7.5 May 12

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow a

CVE-2026-23826 HIGH
7.5 May 12

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker

CVE-2026-23825 HIGH
7.5 May 12

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke

CVE-2026-23824 HIGH
7.5 May 12

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke

CVE-2026-44854 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44853 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44872 HIGH
7.2 May 12

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Su

CVE-2026-44870 HIGH
7.2 May 12

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS

CVE-2026-44869 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44868 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44867 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

CVE-2026-44866 HIGH
7.2 May 12

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc

Share

CVE-2026-44874 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy