CVE-2026-44864
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Description
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
Hewlett Packard Enterprise (HPE)
Product
HPE Aruba Networking Wireless Operating System (AOS)
Discussion (0)
Add Comment
No comments yet. Be the first!