CVE-2026-23827

Published: May 12, 2026Modified: May 15, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: security-alert@hpe.com (Secondary)

Description

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.

Affected (7)

Products: Arubanetworks: Arubaos, Sd Wan

Arubanetworks

2 products

Arubaos

Sd Wan

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 10.4.0.0 to 10.4.1.11
Arubanetworks Arubaos	From 10.5.0.0 to 10.7.2.3
Arubanetworks Arubaos	From 6.5.4.0 to 8.10.0.22
Arubanetworks Arubaos	From 8.11.0.0 to 8.12.0.7
Arubanetworks Arubaos	From 8.13.0.0 to 8.13.1.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Sd Wan	From 8.6.0.4-2.2.0.0 to 8.6.0.4-2.2.0.7
Arubanetworks Sd Wan	From 8.7.0.0-2.3.0.0 to 8.7.0.0-2.3.0.9

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.