Primary

Context

HPE Aruba Access Points AOS-10 Command Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

Patched

A command injection vulnerability has been identified in the command line interface of HPE Aruba Access Points running AOS-10.7.x.x and above. This vulnerability allows authenticated remote attackers to execute arbitrary commands on the underlying operating system. Access Points on the AOS-10.4 branch and AOS-8 Instant software are not affected.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected Access Points' operating system, potentially allowing for further exploitation or manipulation of the device.

Remediation

To address this vulnerability, it is recommended to upgrade to AOS-10 AP version 10.8.0.1 and above or to version 10.7.2.3 and above. For more information, visit the HPE Networking Support Portal.

Added: May 12, 2026, 9:31 PM

Updated: May 12, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

4.9

remediation

8.3

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

4.9

remediation

8.3

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HPE Aruba Access Points AOS-10 Command Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

Impact

Remediation

Affected Products

HPE ArubaOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating