HIGHCVE-2026-44870Published 2026-05-12Modified 2026-05-13CNA hpe

CVE-2026-44870: Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

CVSS v3.1: 7.2
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS)
≤ 8.13.1.1 · ≤ 8.12.0.6 · ≤ 8.10.0.21 · ≤ 10.7.2.2 · 10.8.0.0 · ≤ 10.4.1.10

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

support.hpe.com

Metrics