CVE-2026-44853
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2026-05-12
Last updated on: 2026-05-14
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arubanetworks | arubaos | From 6.5.4.0 (inc) to 8.10.0.22 (exc) |
| arubanetworks | arubaos | From 8.11.0.0 (inc) to 8.12.0.7 (exc) |
| arubanetworks | arubaos | From 8.13.0.0 (inc) to 8.13.1.2 (exc) |
| arubanetworks | arubaos | From 10.4.0.0 (inc) to 10.4.1.11 (exc) |
| arubanetworks | arubaos | From 10.5.0.0 (inc) to 10.7.2.3 (exc) |
| arubanetworks | sd-wan | From 8.6.0.4-2.2.0.0 (inc) to 8.6.0.4-2.2.0.7 (inc) |
| arubanetworks | sd-wan | From 8.7.0.0-2.3.0.0 (inc) to 8.7.0.0-2.3.0.9 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70