CVE-2026-44872

Summary

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking Wireless Operating System (AOS)8.13.0.0 <= 8.13.1.1affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking Wireless Operating System (AOS)8.12.0.0 <= 8.12.0.6affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking Wireless Operating System (AOS)8.10.0.0 <= 8.10.0.21affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking Wireless Operating System (AOS)10.7.0.0 <= 10.7.2.2affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking Wireless Operating System (AOS)10.8.0.0affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking Wireless Operating System (AOS)10.4.0.0 <= 10.4.1.10affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References