Back to CVE List

CVE-2026-44864

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
Hewlett Packard Enterprise (HPE)
Product
HPE Aruba Networking Wireless Operating System (AOS)

External References

Discussion (0)

Add Comment

No comments yet. Be the first!