CVE-2026-44860

HIGH

Hewlett Packard Enterprise (hpe) Hpe Aruba Networking Wireless Operating System (aos) < 8.13.1.1 - SQL Injection

Title source: rule

Description

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

References (1)

Core 1

Core References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US

Scores

CVSS v3 7.2

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (8)

arubanetworks/arubaos 6.5.4.0 - 8.10.0.22

arubanetworks/sd-wan 8.6.0.4-2.2.0.0 - 8.6.0.4-2.2.0.7

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 10.4.0.0 - 10.4.1.10

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 10.7.0.0 - 10.7.2.2

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 10.8.0.0

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 8.10.0.0 - 8.10.0.21

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 8.12.0.0 - 8.12.0.6

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 8.13.0.0 - 8.13.1.1

Published May 12, 2026

Tracked Since May 13, 2026