CVE 7.2 HIGH

Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems_CVE-2026-44871

May 12, 2026 invoker category_cve
7.2 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Basic Information

ID CVE-2026-44871
Source hpe
Published May 12, 2026 at 21:06

Affected Product

Vendor Hewlett Packard Enterprise (HPE)
Product HPE Aruba Networking Wireless Operating System (AOS)
Version 8.13.0.0
Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 8.13.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 8.12.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 8.10.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 10.7.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 10.8.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) 10.4.0.0

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.