CVE-2026-23824

Published: May 12, 2026Modified: May 15, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: security-alert@hpe.com (Secondary)

Description

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.

Affected (7)

Products: Arubanetworks: Arubaos, Sd Wan

Arubanetworks

2 products

Arubaos

Sd Wan

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 10.4.0.0 to 10.4.1.11
Arubanetworks Arubaos	From 10.5.0.0 to 10.7.2.3
Arubanetworks Arubaos	From 6.5.4.0 to 8.10.0.22
Arubanetworks Arubaos	From 8.11.0.0 to 8.12.0.7
Arubanetworks Arubaos	From 8.13.0.0 to 8.13.1.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Sd Wan	From 8.6.0.4-2.2.0.0 to 8.6.0.4-2.2.0.7
Arubanetworks Sd Wan	From 8.7.0.0-2.3.0.0 to 8.7.0.0-2.3.0.9

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.