High severity7.2NVD Advisory· Published May 12, 2026· Updated May 13, 2026
CVE-2026-44872
CVE-2026-44872
Description
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.
Affected products
2- cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*Range: >=8.6.0.4-2.2.0.0,<=8.6.0.4-2.2.0.7
Patches
Vulnerability mechanics
References
1- support.hpe.com/hpesc/public/docDisplaynvdVendor Advisory
News mentions
0No linked articles in our index yet.