CVE-2026-44874

MEDIUM

Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

Title source: cna

Description

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

References (1)

Core 1

Core References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US

Scores

CVSS v3 4.9

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (5)

arubanetworks/arubaos 10.8.0.0

arubanetworks/arubaos 10.4.0.0 - 10.4.1.11

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 10.4.0.0 - 10.4.1.10

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 10.7.0.0 - 10.7.2.2

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS) 10.8.0.0

Published May 12, 2026

Tracked Since May 13, 2026