CVE-2026-44857
Analyzed
Analyzed - Analysis Complete
BaseFortify
Vulnerability report for CVE-2026-44857, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-12
Last updated on: 2026-05-14
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arubanetworks | arubaos | From 6.5.4.0 (inc) to 8.10.0.22 (exc) |
| arubanetworks | arubaos | From 8.11.0.0 (inc) to 8.12.0.7 (exc) |
| arubanetworks | arubaos | From 8.13.0.0 (inc) to 8.13.1.2 (exc) |
| arubanetworks | arubaos | From 10.4.0.0 (inc) to 10.4.1.11 (exc) |
| arubanetworks | arubaos | From 10.5.0.0 (inc) to 10.7.2.3 (exc) |
| arubanetworks | sd-wan | From 8.6.0.4-2.2.0.0 (inc) to 8.6.0.4-2.2.0.7 (inc) |
| arubanetworks | sd-wan | From 8.7.0.0-2.3.0.0 (inc) to 8.7.0.0-2.3.0.9 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
