vulnerability

Aruba AOS-8: CVE-2026-44860: Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	May 12, 2026	May 13, 2026	May 13, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

May 12, 2026

Added

May 13, 2026

Modified

May 13, 2026

Description

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

Solution

aruba-aos-8-cve-2026-44860

References

CVE-2026-44860
https://attackerkb.com/topics/CVE-2026-44860
https://csaf.arubanetworking.hpe.com/2026/hpe_aruba_networking_-_hpesbnw05048.json
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-29810
EUVD-EUVD-2026-29810

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report