vulnerability

Aruba ECOS: CVE-2026-37182: Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Jan 13, 2026	Jan 14, 2026	Jan 14, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Jan 13, 2026

Added

Jan 14, 2026

Modified

Jan 14, 2026

Description

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.

Solution

aruba-ecos-cve-2026-37182

References

CVE-2026-37182
https://attackerkb.com/topics/CVE-2026-37182
URL-https://csaf.arubanetworks.com/2026/hpe_aruba_networking_-_hpesbnw04992.json

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today