CVE-2026-23822

Summary

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruption or reduced availability of the affected system.

NOTE: This vulnerability only impacts Access Points running AOS Instant 8.x.x.x

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.13.0.0 <= 8.13.1.1affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.12.0.0 <= 8.12.0.6affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.10.0.0 <= 8.10.0.21affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References