CVE-2026-23823 | THREATINT

Description

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches are not affected by this vulnerability.

PUBLISHED Reserved 2026-01-16 | Published 2026-05-12 | Updated 2026-05-13 | Assigner hpe

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Product status

Default status

affected

10.8.0.0 (semver)

affected

10.7.0.0 (semver)

affected

Credits

This vulnerability was discovered and reported by erikdejong through HPE Aruba Networking's Bug Bounty program reporter

References

support.hpe.com/...y?docId=hpesbnw05049en_us&docLocale=en_US

cve.org (CVE-2026-23823)

nvd.nist.gov (CVE-2026-23823)

Download JSON