Skip to main content

Hpe Aruba Networking Wireless Operating System Aos

27 CVEs product

Monthly

CVE-2026-44871 HIGH This Week

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44873 MEDIUM This Month

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled.

Authentication Bypass Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-44874 MEDIUM This Month

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

Authentication Bypass Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-44872 HIGH This Week

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44870 HIGH This Week

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44869 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44868 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44867 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44866 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44865 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-44864 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44863 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44862 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44861 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44860 HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44859 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44858 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44857 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44856 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44855 HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-44854 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Command Injection RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-44853 HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Command Injection RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-44852 HIGH This Week

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23827 HIGH This Week

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.

RCE Buffer Overflow Heap Overflow Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23826 HIGH This Week

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.

Denial Of Service Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23825 HIGH This Week

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.

Information Disclosure Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23824 HIGH This Week

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.

Denial Of Service Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled.

Authentication Bypass Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

Authentication Bypass Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command Injection Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

SQLi Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Command Injection RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Command Injection RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.

RCE Buffer Overflow Heap Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.

Denial Of Service Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.

Information Disclosure Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.

Denial Of Service Hpe Aruba Networking Wireless Operating System Aos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy