Insecure File Handling allows Remote Code Execution in Backup Functionality

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

Insecure file operations in HPE Aruba Networking Fabric Composerâ€™s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

Basic Information

ID CVE-2026-23592

Source hpe

Published Jan 27, 2026 at 17:57

Modified Jan 27, 2026 at 18:44

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking Fabric Composer

Version 7.0.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking Fabric Composer 7.0.0

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "Insecure file operations in HPE Aruba Networking Fabric Composer\u00e2\u20ac\u2122s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.",
    "published": "2026-01-27T17:57:57.364Z",
    "modified": "2026-01-27T18:44:00.846Z",
    "type": "cve",
    "title": "Insecure File Handling allows Remote Code Execution in Backup Functionality",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US",
    "id": "CVE-2026-23592",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking Fabric Composer 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking Fabric Composer",
    "version": "7.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insecure File Handling allows Remote Code Execution in Backup Functionality_CVE-2026-23592

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply