CVE-2026-44871

high HPE
CVSS v3 Base Score
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 79% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: May 12, 2026 (1 days ago)
Last Modified: May 14, 2026
Vendor: HPE
Source: MITRE

Description

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Affected Products

Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS)

References

🔗 support.hpe.com