CVE-2026-44855

⚠️ high

Summary

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

CVSS Score

7.2

High

EPSS Score

0.1

Exploit Probability

Published Date

2026-05-12

First Seen: 2026-05-17

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 55.6% of all 321,566 vulnerabilities in our database.

#142,887

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 13, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

🏆 Discovered By

zzcentury (reporter)

SSVC data provided by CISA

Last Modified 2026-05-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-121

📦 Affected Products 7

Vendor	Product	Status	Affected Versions
arubanetworks	arubaos	Affected	> 10.4.0.0 < 10.4.1.11
arubanetworks	arubaos	Affected	> 10.5.0.0 < 10.7.2.3
arubanetworks	arubaos	Affected	> 6.5.4.0 < 8.10.0.22
arubanetworks	arubaos	Affected	> 8.11.0.0 < 8.12.0.7
arubanetworks	arubaos	Affected	> 8.13.0.0 < 8.13.1.2
arubanetworks	sd-wan	Affected	> 8.6.0.4-2.2.0.0 < 8.6.0.4-2.2.0.7
arubanetworks	sd-wan	Affected	> 8.7.0.0-2.3.0.0 < 8.7.0.0-2.3.0.9

🔗 References 1

https://support.hpe.com/hpesc/public/docDisplay?docI...

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-23824	⚠️ high	7.5	0.0	Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke...	2026-05-12
CVE-2026-23825	⚠️ high	7.5	0.1	Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacke...	2026-05-12
CVE-2026-23826	⚠️ high	7.5	0.1	A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker...	2026-05-12
CVE-2026-23827	⚠️ high	7.5	0.1	A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow a...	2026-05-12
CVE-2026-44852	⚠️ high	7.2	0.1	An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vu...	2026-05-12
CVE-2026-44853	⚠️ high	7.2	0.2	Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Suc...	2026-05-12

These CVEs affect the same products