
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN505
_____________________________________________________________________

DATE                : 13/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): AOS-10 versions prior to 10.8.0.1, 10.7.2.3,
                     10.4.1.11,
                     AOS-8 versions prior to 8.13.1.2, 8.12.0.7,
                     8.10.0.22.

=====================================================================
https://csaf.arubanetworking.hpe.com/2026/hpe_aruba_networking_-_hpesbnw05049.txt
https://csaf.arubanetworking.hpe.com/2026/hpe_aruba_networking_-_hpesbnw05048.txt
_____________________________________________________________________

HPE Aruba Networking Product Security Advisory
==============================================
Advisory ID: HPESBNW05049
CVE: CVE-2026-23819, CVE-2026-23820, CVE-2026-23821,
     CVE-2026-23822, CVE-2026-23823
Publication Date: 2026-May-12
Status: Confirmed
Severity: High
Revision: 1


Title
=====
Multiple Vulnerabilities in HPE Aruba Networking AOS-8 Instant and 
AOS-10 AP


Overview
========
HPE Aruba Networking has released patches for Aruba access points
running AOS-8 Instant and AOS-10 AP software that address multiple 
security vulnerabilities.


Affected Products
=================
HPE Aruba Networking 
    - Access Points running AOS-8 Instant
    - Access Points running AOS-10 AP
 
Affected Software Version(s):
    - AOS-10 AP 10.8.x.x: 10.8.0.0
    - AOS-10 AP 10.7.x.x:  10.7.2.2 and below
    - AOS-10 AP 10.4.x.x:  10.4.1.10 and below
    - AOS-8 Instant 8.13.x.x:  8.13.1.1 and below
    - AOS-8 Instant 8.12.x.x:  8.12.0.6 and below
    - AOS-8 Instant 8.10.x.x:  8.10.0.21 and below
 
The following software versions that are End of Maintenance (EoM)
are affected by these vulnerabilities and are not addressed by
this advisory:
 
    - AOS-10 AP 10.6.x.x:    all
    - AOS-10 AP 10.5.x.x:    all
    - AOS-10 AP 10.3.x.x:    all
    - AOS-8 Instant 8.12.x.x:  all (*)
    - AOS-8 Instant 8.11.x.x:  all
    - AOS-8 Instant 8.9.x.x:   all
    - AOS-8 Instant 8.8.x.x:   all
    - AOS-8 Instant 8.7.x.x:   all
    - AOS-8 Instant 8.6.x.x:   all
    - AOS-8 Instant 8.5.x.x:   all
    - AOS-8 Instant 8.4.x.x:   all
    - AOS Instant 6.5.x.x:   all
    - AOS Instant 6.4.x.x:   all

    * Although the AOS Instant 8.12.x.x branch is end-of-maintenance,
    a one-time exception patch has been released to address 
    vulnerabilities affecting AOS Instant 8.12.0.6 and below.

 
Unaffected Products
===================
Any other HPE Aruba Networking products not specifically listed
above are not affected by these vulnerabilities.


Details
=======

Error in SSID Processing allows Stored XSS in Web Management 
Interface 
(CVE-2026-23819) 
---------------------------------------------------------------------
    A vulnerability in the web-based management interface of Access 
    Points running AOS-10 and AOS-8 Instant could allow an 
    unauthenticated remote attacker to execute arbitrary JavaScript 
    code in a victim's browser within the same local network. 
    Successful exploitation could allow an attacker to compromise 
    user data and potentially manipulate device configuration 
    settings.
    
    Internal References: VULN-18
    Severity: High
    CVSS v3.1 Base Score: 8.8
    CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
    
    Discovery: This vulnerability was discovered by Michael Messner, 
    Benedikt Kuehne and Caio Adler Goncalves Farias from Siemens 
    Energy.
    
    Workaround: To minimize the likelihood of an attacker exploiting
    this vulnerability, HPE Aruba Networking recommends that 
    management interfaces be restricted to a dedicated layer 2 
    segment/VLAN and/or controlled by firewall policies at layer 3 
    and above, along with accounting controls for tracking and 
    logging user activities and resource usage.


Inconsistent input filtering allows Authenticated Command Injection 
in AOS-8 Instant and AOS-10 CLI 
(CVE-2026-23820) 
---------------------------------------------------------------------
    A vulnerability in the command line interface of Access Points 
    running AOS-10 and AOS-8 Instant could allow an authenticated 
    remote attacker to execute system commands in a restricted shell 
    environment. Successful exploitation could allow an attacker to 
    execute arbitrary commands on the underlying operating system.
    
    Internal References: VULN-166
    Severity: High
    CVSS v3.1 Base Score: 7.2
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    
    Discovery: This vulnerability was discovered and reported by 
    moonv through HPE Aruba Networking's Bug Bounty program
    
    Workaround: To minimize the likelihood of an attacker exploiting 
    this vulnerability, HPE Aruba Networking recommends that 
    management interfaces be restricted to a dedicated layer 2 
    segment/VLAN and/or controlled by firewall policies at layer 3 
    and above, along with accounting controls for tracking and 
    logging user activities and resource usage.


Inconsistent input filtering allows Authenticated Command Injection 
in AOS-10 CLI
(CVE-2026-23821) 
---------------------------------------------------------------------
    A vulnerability in the configuration processing logic of Access 
    Points running AOS-10 could allow an authenticated remote 
    attacker to execute system commands under certain pre-existing 
    conditions. Successful exploitation could allow an attacker to 
    execute arbitrary commands on the underlying operating system.
    
    Internal References: VULN-165
    Severity: High
    CVSS v3.1 Base Score: 7.2
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    
    Discovery: This vulnerability was discovered and reported by 
    moonv through HPE Aruba Networking's Bug Bounty program

    Note: Access Points running AOS-8 Instant software are not 
    affected by this vulnerability.
    
    Workaround: To minimize the likelihood of an attacker exploiting 
    this vulnerability, HPE Aruba Networking recommends that 
    management interfaces be restricted to a dedicated layer 2 
    segment/VLAN and/or controlled by firewall policies at layer 3 
    and above, along with accounting controls for tracking and 
    logging user activities and resource usage.


Authenticated Command Injection leads to RCE in AOS-10 CLI Command
(CVE-2026-23823) 
---------------------------------------------------------------------
    A vulnerability in the command line interface of Access Points 
    running AOS-10 could allow an authenticated remote attacker to 
    perform command injection. Successful exploitation could allow an
    attacker to execute arbitrary commands on the underlying 
    operating system.
    
    Internal References: VULN-109
    Severity: High
    CVSS v3.1 Base Score: 7.2
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    NOTE: This vulnerability only impacts Access Points running 
    AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software 
    branches are not affected by this vulnerability.
    
    Discovery: This vulnerability was discovered and reported by 
    erikdejong through HPE Aruba Networking's Bug Bounty program
    
    Workaround: To minimize the likelihood of an attacker exploiting 
    this vulnerability, HPE Aruba Networking recommends that 
    management interfaces be restricted to a dedicated layer 2 
    segment/VLAN and/or controlled by firewall policies at layer 3 
    and above, along with accounting controls for tracking and 
    logging user activities and resource usage.


Unauthenticated XML External Entity Injection in AOS-8 Instant allows
Denial of Service
(CVE-2026-23822) 
---------------------------------------------------------------------
    A vulnerability in the XML handling component of AOS-8 DHCP 
    services could allow an unauthenticated remote attacker to 
    trigger a denial-of-service condition. Successful exploitation 
    could allow an attacker to cause excessive resource consumption 
    upon user interaction, leading to service disruption or reduced 
    availability of the affected system.
    
    Internal References: VULN-122
    Severity: Medium
    CVSS v3.1 Base Score: 5.3
    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
    
    Discovery: This vulnerability was discovered by Nicholas Starke from
    HPE Networking VIPER.

    NOTE: This vulnerability only impacts Access Points running AOS 
    Instant 8.x.x.x.
    
    Workaround: To minimize the likelihood of an attacker exploiting 
    this vulnerability, HPE Aruba Networking recommends that 
    management interfaces be restricted to a dedicated layer 2 
    segment/VLAN and/or controlled by firewall policies at layer 3 
    and above, along with accounting controls for tracking and 
    logging user activities and resource usage.
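The DHCP-service flaw above belongs to the XML entity-expansion class of denial of service. As an added illustration of the intake control that closes that class (this is example code, not HPE Aruba's DHCP or XML component), the parser below refuses any document carrying a DOCTYPE or ENTITY declaration and bounds the input size before the XML library ever sees it. The size limit and the sample documents are constructed for the example; the assumption is that the protocol being parsed never legitimately needs a DTD, which is true of almost every machine-to-machine XML exchange.

```python
"""Defensive XML intake: reject DTDs and entity declarations, cap input size.

Added example, not vendor code. Any DOCTYPE (the only place entities can be
declared) or stray ENTITY declaration marks the document as unacceptable, so
entity expansion can never start; the byte cap bounds parser work regardless.
"""
import re
import xml.etree.ElementTree as ET

# Upper bound on accepted input; constructed value for this example.
MAX_XML_BYTES = 64 * 1024

# Matches "<!DOCTYPE" and "<!ENTITY" anywhere in the raw bytes, case-insensitive.
# Conservative on purpose: the protocol never needs either construct.
_DTD_MARKER = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


class RejectedXML(ValueError):
    """Raised when untrusted XML fails the pre-parse checks."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted peer, or raise RejectedXML / ET.ParseError."""
    if len(data) > MAX_XML_BYTES:
        raise RejectedXML(f"input of {len(data)} bytes exceeds {MAX_XML_BYTES}")
    if _DTD_MARKER.search(data):
        raise RejectedXML("DTD / entity declarations are not accepted")
    return ET.fromstring(data)


def classify(data: bytes) -> str:
    """Return 'ok' or a short rejection reason; suitable for a log line."""
    try:
        parse_untrusted_xml(data)
        return "ok"
    except RejectedXML as exc:
        return f"rejected: {exc}"
    except ET.ParseError as exc:
        return f"malformed: {exc}"


# Constructed sample documents (not captured traffic).
BENIGN = b"<lease><ip>192.0.2.10</ip><host>ap-01</host></lease>"
WITH_DTD = b'<?xml version="1.0"?><!DOCTYPE lease [<!ENTITY e "x">]><lease>&e;</lease>'
TRUNCATED = b"<lease><ip>192.0.2.10</ip>"
OVERSIZED = b"<lease>" + b"x" * MAX_XML_BYTES + b"</lease>"

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("with_dtd", WITH_DTD),
                      ("truncated", TRUNCATED), ("oversized", OVERSIZED)]:
        print(f"{name:10s} {classify(doc)}")
```

Rejecting on the raw bytes, before parsing, is the point: once a parser has begun expanding entities the damage is already being done, and the check costs one regex pass over a bounded buffer.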


Resolution
==========
To address the vulnerabilities described above in the affected
software branches, it is recommended to upgrade HPE Networking 
AOS-10 AP and AOS-8 Instant software to one of the following versions
(as applicable):

    - AOS-10 AP 10.8.x.x: 10.8.0.1 and above
    - AOS-10 AP 10.7.x.x:  10.7.2.3 and above
    - AOS-10 AP 10.4.x.x:  10.4.1.11 and above
    - AOS-8 Instant 8.13.x.x:  8.13.1.2 and above
    - AOS-8 Instant 8.12.x.x:  8.12.0.7 and above
    - AOS-8 Instant 8.10.x.x:  8.10.0.22 and above

Software versions with resolution/fixes for the vulnerabilities
covered above can be downloaded from the HPE Networking 
Support Portal at 
https://networkingsupport.hpe.com/globalsearch#tab=Software 
 
HPE Aruba Networking does not evaluate or patch AOS-8 Instant or
AOS-10 AP software branches that have reached their End of 
Maintenance (EoM) milestone. For more information about the HPE 
Aruba Networking End of Life policy please visit: 
https://www.hpe.com/psnow/doc/a00143052enw


Workaround
==========
Vulnerability specific workarounds are listed per vulnerability 
above. You may contact HPE Services - HPE Aruba Networking for 
assistance if needed. For more information, please visit HPE Aruba 
Networking Support Portal at https://networkingsupport.hpe.com/home


Exploitation and Public Discussion
==================================
HPE Aruba Networking is not aware of any public discussion or exploit
code targeting these specific vulnerabilities as of the release 
date of the advisory.


Revision History
================
Revision 1 / 2026-MAY-12 / Initial release


HPE Aruba Networking SIRT Security Procedures 
==============================================
Complete information on reporting security vulnerabilities in 
HPE Aruba Networking products and obtaining assistance with 
security incidents is available at:
http://www.hpe.com/support/security-response-policy

For reporting NEW HPE Aruba Networking security issues, email 
can be sent to networking-sirt@hpe.com. For sensitive information 
we encourage the use of PGP encryption. Our public keys can be 
found at: 
https://www.hpe.com/info/psrt-pgp-key 

(c) Copyright 2026 by Hewlett Packard Enterprise Development LP. 
This advisory may be redistributed freely after the release date 
given at the top of the text, provided that the redistributed 
copies are complete and unmodified, including all data and 
version information

_____________________________________________________________________

HPE Aruba Networking Product Security Advisory
==============================================
Advisory ID: HPESBNW05048
CVE: CVE-2026-23824, CVE-2026-23825, CVE-2026-23826, 
     CVE-2026-23827, CVE-2026-44852, CVE-2026-44853, 
     CVE-2026-44854, CVE-2026-44855, CVE-2026-44856, 
     CVE-2026-44857, CVE-2026-44858, CVE-2026-44859, 
     CVE-2026-44860, CVE-2026-44861, CVE-2026-44862, 
     CVE-2026-44863, CVE-2026-44864, CVE-2026-44865, 
     CVE-2026-44866, CVE-2026-44867, CVE-2026-44868, 
     CVE-2026-44869, CVE-2026-44870, CVE-2026-44871, 
     CVE-2026-44872, CVE-2026-44873, CVE-2026-44874.
Publication Date: 2026-MAY-12
Status: Confirmed
Severity: High
Revision: 1


Title
=====
Multiple Vulnerabilities in HPE Aruba Networking 
Wireless AOS-8 and AOS-10 for Mobility Conductors, 
Controllers, and Gateways.


Overview
========
HPE Aruba Networking has released AOS-8 and AOS-10 
patches for Mobility Conductors, Controllers and 
Gateways to address multiple security vulnerabilities.
 

Affected Products
=================
HPE Aruba Networking 
   - Mobility Conductors 
   - Mobility Controllers
   - WLAN and SD-WAN Gateways Managed by HPE Aruba 
     Networking Central
 
Affected Software Version(s):
  - AOS-10.8.x.x: 10.8.0.0 and below
  - AOS-10.7.x.x: 10.7.2.2 and below
  - AOS-10.4.x.x: 10.4.1.10 and below
  - AOS-8.13.x.x: 8.13.1.1 and below
  - AOS-8.12.x.x: 8.12.0.6 and below
  - AOS-8.10.x.x: 8.10.0.21 and below
 
The following software versions that are End of 
Maintenance (EoM) are affected by these vulnerabilities 
and are not addressed by this advisory:

    - AOS-10.6.x.x: all
    - AOS-10.5.x.x: all
    - AOS-10.3.x.x: all
    - AOS-8.12.x.x: all*
    - AOS-8.11.x.x: all
    - AOS-8.9.x.x: all
    - AOS-8.8.x.x: all
    - AOS-8.7.x.x: all
    - AOS-8.6.x.x: all
    - AOS-6.5.4.x: all
    - SD-WAN 8.7.0.0-2.3.0.x: all
    - SD-WAN 8.6.0.4-2.2.x.x: all

*Although the AOS-8.12.x.x branch is end-of-maintenance, 
a one-time exception patch has been released to address 
vulnerabilities affecting AOS-8.12.0.6 and below.


Unaffected Products
===================
Any other HPE Aruba Networking products and software 
versions not specifically listed above are not affected 
by these vulnerabilities.


Details
=======

Unauthenticated Denial-of-Service via Crafted Messages 
in a Network Protocol Handling Component
(CVE-2026-23824, CVE-2026-23825)
-------------------------------------------------------------
  Vulnerabilities exist in a protocol-handling component of 
  AOS-8 and AOS-10 Operating Systems. An unauthenticated 
  attacker could exploit these vulnerabilities by sending 
  specially crafted network messages to the affected service. 
  Successful exploitation may terminate a critical system process, 
  resulting in a denial-of-service condition.
 
  Internal References: VULN-121, VULN-11. 
  Severity: High
  CVSS v3.1 Base Score: 7.5
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 

  NOTE: Only AOS-10.x is impacted. Mobility Controllers running the 
  AOS-8.x software branch are not affected by these vulnerabilities.
  
  Discovery: These vulnerabilities were discovered by n3k and 
  reported through HPE Aruba Networking's bug bounty program.
  
  Workaround: To minimize the likelihood of an attacker 
  exploiting these vulnerabilities, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Unauthenticated Denial of Service in AOS-8 Network Management 
Service
(CVE-2026-23826)
-------------------------------------------------------------
  A vulnerability in a network management service of 
  AOS-8 Operating System could allow an unauthenticated remote 
  attacker to exploit this vulnerability by sending specially 
  crafted network packets to the affected device, potentially 
  resulting in a denial-of-service condition. Successful 
  exploitation could cause the affected service process to 
  terminate unexpectedly, disrupting normal device operations. 

  Internal References: VULN-125
  Severity: High
  CVSS v3.1 Base Score: 7.5
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
  
  Discovery: This vulnerability was discovered by n3k  
  and reported through HPE Aruba Networking's bug 
  bounty program.
 
  NOTE: Only AOS-8.x is impacted. Mobility Gateways running the 
  AOS-10.x software branch are not affected by this vulnerability.
  
  Workaround: To minimize the likelihood of an attacker 
  exploiting this vulnerability, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Unauthenticated Remote Code Execution via Heap Buffer Overflow 
in Network Management Service
(CVE-2026-23827)
-------------------------------------------------------------
  A heap-based buffer overflow vulnerability exists in a 
  Network management service of AOS-8 and AOS-10 that could 
  allow an unauthenticated remote attacker to achieve remote 
  code execution. Successful exploitation could allow an 
  unauthenticated attacker to execute arbitrary code as a
  privileged user on the underlying operating system, 
  potentially leading to a system compromise. Exploitation may 
  also result in a denial-of-service (DoS) condition affecting 
  the impacted system process.
  
  Internal References: VULN-124
  Severity: High
  CVSS v3.1 Overall Score: 7.5
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  Discovery: This vulnerability was discovered by n3k 
  and reported through HPE Aruba Networking's bug bounty 
  program.
  
  Workaround: To reduce the risk of exploitation, HPE Aruba 
  Networking recommends restricting management interfaces to a 
  dedicated Layer 2 segment or VLAN. In addition, Layer 3 
  firewall policies should be configured to limit access to UDP 
  port 8444 exclusively to trusted infrastructure devices, such 
  as managed access points (APs) and peer controllers.


Authenticated Remote Code Execution via Arbitrary File Overwrite in 
the AOS-8 and AOS-10 Web-Based Management Interface
(CVE-2026-44852)
---------------------------------------------------------------------
  An authenticated remote code execution vulnerability exists
  in the AOS-8 and AOS-10 web-based management interface. A 
  vulnerability in the certificate download functionality 
  could allow an authenticated remote attacker to overwrite 
  arbitrary files on the underlying operating system by 
  exploiting improper input validation in the file path 
  parameter. Successful exploitation could allow the attacker 
  to execute arbitrary commands on the underlying operating 
  system as a privileged user.
 
  Internal Reference: VULN-106
  Severity: High
  CVSS v3.1 Base Score: 7.2
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  Discovery: This vulnerability was discovered by zzcentury 
  from Ubisectech Sirius Team and reported through HPE Aruba 
  Networking's bug bounty program.

  Workaround: To minimize the likelihood of an attacker 
  exploiting this vulnerability, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Authenticated Remote Code Execution via Arbitrary File Write in
AOS-8 and AOS-10 Web-Based Management Interface
(CVE-2026-44853, CVE-2026-44854)
----------------------------------------------------------------
  Command injection vulnerabilities exist in the web-based
  management interface of AOS-8 and AOS-10 Operating Systems. 
  Successful exploitation could allow an authenticated remote 
  attacker to upload arbitrary files to the underlying operating 
  system, potentially leading to remote code execution as a 
  privileged user.
  
  Internal References: VULN-102, VULN-77
  Severity: High
  CVSS v3.1 Base Score: 7.2
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  Discovery: These vulnerabilities were discovered by  
  zzcentury from Ubisectech Sirius Team and LIUPENG, and 
  reported through HPE Aruba Networking's bug bounty program.
  
  Workaround: To minimize the likelihood of an attacker 
  exploiting these vulnerabilities, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Authenticated Stack-Based Buffer Overflow in PAPI Services
(CVE-2026-44855, CVE-2026-44856, CVE-2026-44857, 
 CVE-2026-44858, CVE-2026-44859)
-------------------------------------------------------------
  Stack-based buffer overflow vulnerabilities exist 
  in several underlying management service components accessed 
  through the command-line interface of the AOS-8 and AOS-10 
  Operating Systems. An authenticated attacker with 
  administrative privileges could exploit these vulnerabilities 
  by sending specially crafted requests to the affected 
  services. Successful exploitation could allow the attacker to 
  execute arbitrary code with elevated privileges on the 
  underlying operating system.
  
  Internal References: VULN-132, VULN-131, VULN-130, VULN-110, 
                       VULN-107
  Severity: High
  CVSS v3.1 Base Score: 7.2
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  
  Discovery: These vulnerabilities were discovered by zzcentury 
  from Ubisectech Sirius Team and reported through HPE Aruba 
  Networking's bug bounty program.
  
  Workaround: To minimize the likelihood of an attacker 
  exploiting these vulnerabilities, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Authenticated Remote Code Execution via SQL Injection in AOS-8
and AOS-10 Operating Systems
(CVE-2026-44860, CVE-2026-44861, CVE-2026-44862, 
 CVE-2026-44863, CVE-2026-44864)
-------------------------------------------------------------
  SQL injection vulnerabilities exist in several 
  underlying service components accessible through the AOS-8 
  and AOS-10 command-line interface and management protocol. 
  An authenticated attacker with administrative privileges 
  could exploit these vulnerabilities by injecting crafted 
  input into parameters that are passed unsanitized to 
  backend database queries. Successful exploitation could 
  allow the attacker to execute arbitrary commands on the 
  underlying operating system.
 
  Internal References: VULN-120, VULN-118, VULN-114, VULN-85,  
                       VULN-81
  Severity: High
  CVSS v3.1 Base Score: 7.2
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 
  Discovery: These vulnerabilities were discovered by zzcentury 
  from Ubisectech Sirius Team and reported through HPE Aruba 
  Networking's bug bounty program.
  
  Workaround: To minimize the likelihood of an attacker 
  exploiting these vulnerabilities, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Authenticated Command Injection Vulnerabilities in the 
Web-Based Management Interface of AOS-8 and AOS-10 
(CVE-2026-44865, CVE-2026-44866, CVE-2026-44867, 
 CVE-2026-44868, CVE-2026-44869)
-------------------------------------------------------------
  Command injection vulnerabilities exist in the web-based 
  management interface of AOS-8 and AOS-10 Operating Systems. 
  Successful exploitation of these vulnerabilities could allow 
  an authenticated remote attacker to execute arbitrary 
  commands on the underlying operating system.

  Internal References: VULN-98, VULN-96, VULN-91, VULN-90, 
                       VULN-78.
  Severity: High
  CVSS v3.1 Base Score: 7.2
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 
  Discovery: These vulnerabilities were discovered by zzcentury 
  from Ubisectech Sirius Team and moonv, and reported through 
  HPE Aruba Networking's bug bounty program.
  
  Workaround: To minimize the likelihood of an attacker 
  exploiting these vulnerabilities, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Authenticated Command Injection Vulnerabilities in Command Line
Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and 
AOS-10 Operating Systems
(CVE-2026-44870, CVE-2026-44871)
--------------------------------------------------------------
  Command injection vulnerabilities exist in the command line
  interface (CLI) service accessed by the PAPI protocol of 
  AOS-8 and AOS-10 Operating Systems. Successful exploitation 
  of these vulnerabilities could allow an authenticated remote 
  attacker to execute arbitrary commands on the underlying 
  operating system.
 
  Internal References: VULN-105, VULN-89
  Severity: High
  CVSS v3.1 Base Score: 7.2
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 
  Discovery: These vulnerabilities were discovered by zzcentury 
  from Ubisectech Sirius Team and reported through HPE Aruba 
  Networking's bug bounty program.

  Workaround: To minimize the likelihood of an attacker 
  exploiting these vulnerabilities, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Authenticated Arbitrary File Upload via Command Injection in
AOS-8 AND AOS-10 Web-Based Management Interface
(CVE-2026-44872)
--------------------------------------------------------------
  A command injection vulnerability exists in the web-based
  management interface of AOS-8 and AOS-10 Operating Systems. 
  Successful exploitation could allow an authenticated remote 
  attacker to place arbitrary files on the underlying 
  filesystem of the affected device.
  
  Internal References: VULN-103
  Severity: High
  CVSS v3.1 Base Score: 7.2
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  Discovery: This vulnerability was discovered by zzcentury 
  from Ubisectech Sirius Team and reported through HPE Aruba 
  Networking's bug bounty program.

  Workaround: To minimize the likelihood of an attacker 
  exploiting this vulnerability, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.

Insufficient Session Invalidation on User Account Deactivation 
in AOS-8 Operating System
(CVE-2026-44873)
-------------------------------------------------------------
  A session management vulnerability in AOS-8 allows 
  previously authenticated users to retain network access 
  after their accounts are administratively disabled. 
  Existing sessions are not invalidated when credentials are 
  revoked, enabling continued access until session expiration. 
  An attacker with compromised credentials could exploit this 
  behavior to maintain unauthorized access even after the 
  account has been disabled.

  Internal References: VULN-101
  Severity: Medium
  CVSS v3.1 Base Score: 5.4
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

  Discovery: This vulnerability was discovered by 0x50d
  and reported through HPE Aruba Networking's bug bounty 
  program.

  NOTE: Only AOS-8.x is impacted. Mobility Gateways 
  running the AOS-10.x software branch are not affected 
  by this vulnerability.
  
  Workaround: To minimize the likelihood of exploitation of this
  vulnerability, delete the user by issuing the "aaa user delete" 
  command.
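The property missing in CVE-2026-44873 is that disabling an account must also end that account's live sessions, not merely block new logins. As an added example of the correct behaviour (generic illustration, not AOS-8 code or its session model), the store below combines two controls: eager revocation of every session belonging to the account at the moment it is disabled, and a per-request check of account state so that a session which somehow survives revocation still cannot be used. Token format, TTL and the user names are constructed for the example.

```python
"""Session store that revokes sessions when an account is disabled.

Added example, not vendor code. Without disable_account() removing live
sessions, a disabled user keeps access until the session expires, which is
exactly the failure mode the advisory describes.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    expires_at: float          # monotonic seconds; caller supplies "now"


@dataclass
class SessionStore:
    ttl: float = 3600.0                                # constructed default
    sessions: dict = field(default_factory=dict)       # token -> Session
    disabled: set = field(default_factory=set)         # disabled user names

    def login(self, user: str, now: float) -> str:
        """Issue a session token; disabled accounts cannot log in at all."""
        if user in self.disabled:
            raise PermissionError(f"account {user!r} is disabled")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, now + self.ttl)
        return token

    def is_valid(self, token: str, now: float) -> bool:
        """Per-request check: unknown, expired and disabled-owner sessions fail."""
        sess = self.sessions.get(token)
        if sess is None or now >= sess.expires_at:
            self.sessions.pop(token, None)
            return False
        # Second line of defence: consult account state on every request, so a
        # session that escaped eager revocation is still unusable.
        if sess.user in self.disabled:
            self.sessions.pop(token, None)
            return False
        return True

    def disable_account(self, user: str) -> int:
        """Disable the account AND revoke all of its sessions; returns the count."""
        self.disabled.add(user)
        doomed = [t for t, s in self.sessions.items() if s.user == user]
        for t in doomed:
            del self.sessions[t]
        return len(doomed)

    def active_users(self) -> set:
        return {s.user for s in self.sessions.values()}


if __name__ == "__main__":
    store = SessionStore(ttl=60)
    tok = store.login("alice", now=0)
    print("valid before disable:", store.is_valid(tok, now=10))
    print("revoked:", store.disable_account("alice"))
    print("valid after disable:", store.is_valid(tok, now=10))
```

The advisory's workaround, deleting the user with "aaa user delete", is the operational equivalent of the eager path; the per-request check is what makes the design robust if the two state stores ever fall out of step.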

Authenticated Arbitrary File Download via AOS-10 Web-Based 
Management Interface
(CVE-2026-44874)
-------------------------------------------------------------
  A vulnerability exists in the web-based management 
  interface of an AOS-10 Gateway that could allow an 
  authenticated remote attacker to access sensitive 
  files on the underlying operating system. Successful 
  exploitation of this vulnerability could result in 
  the disclosure of confidential system information, 
  potentially enabling further attacks against the 
  affected device. 

  Internal References: VULN-100
  Severity: Medium
  CVSS v3.1 Base Score: 4.9
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

  Discovery: This vulnerability was discovered by zzcentury 
  from Ubisectech Sirius Team and reported through HPE Aruba 
  Networking's bug bounty program.

  NOTE: Exploitation requires valid administrative credentials 
  and network access to the management interface.
  
  Workaround: To minimize the likelihood of an attacker 
  exploiting this vulnerability, HPE Aruba Networking 
  recommends that the CLI and web-based management interfaces 
  be restricted to a dedicated layer 2 segment/VLAN and/or 
  controlled by firewall policies at layer 3 and above, 
  along with accounting controls for tracking and logging 
  user activities and resource usage.


Resolution
==========
Upgrade Mobility Conductors, Controllers, and Gateways to 
one of the following AOS-10 or AOS-8 versions
(as applicable) to resolve the vulnerabilities described in 
the details section:

  - AOS-10.8.x.x: 10.8.0.1 and above
  - AOS-10.7.x.x: 10.7.2.3 and above
  - AOS-10.4.x.x: 10.4.1.11 and above
  - AOS-8.13.x.x: 8.13.1.2 and above
  - AOS-8.12.x.x: 8.12.0.7 and above
  - AOS-8.10.x.x: 8.10.0.22 and above


Software versions with resolution/fixes for the vulnerabilities 
covered above can be downloaded from the HPE Networking 
Support Portal at 
https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE

HPE Aruba Networking does not evaluate or patch AOS-10 Gateway 
and AOS-8 Controller/Mobility Conductor software branches that 
have reached their End of Maintenance (EoM) milestone. For more 
information about HPE Aruba Networking's End of Life policy 
visit: https://www.hpe.com/psnow/doc/a00143052enw


Workaround
==========
Vulnerability specific workarounds are listed per vulnerability
above. You may contact HPE Services - Aruba Networking for
assistance if needed. 

For more information, please visit HPE Aruba Networking Support 
Portal at https://networkingsupport.hpe.com/home
 
 
Exploitation and Public Discussion
==================================
HPE Aruba Networking is not aware of any public discussion 
or exploit code targeting these specific vulnerabilities as of 
the release date of the advisory.
 
 
Revision History
================
Revision 1 / 2026-MAY-12 / Initial release
 
 
HPE Aruba Networking SIRT Security Procedures
=============================================
Complete information on reporting security vulnerabilities in
HPE Aruba Networking products and obtaining assistance with
security incidents is available at:
 
https://www.hpe.com/support/security-response-policy
 
For reporting *NEW* HPE Aruba Networking security issues, email
can be sent to aruba-sirt(at)hpe.com. For sensitive information
we encourage the use of PGP encryption. Our public keys can be
found at: https://www.hpe.com/info/psrt-pgp-key
 
(c) Copyright 2026 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date
given at the top of the text, provided that the redistributed
copies are complete and unmodified, including all data and
version information.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================