Description
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
Published: 2026-01-27
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is caused by insecure file operations in the backup functionality of HPE Aruba Networking Fabric Composer, allowing an authenticated attacker to inject arbitrary shell commands and run them on the underlying operating system. This flaw corresponds to CWE‑78, an operating‑system command‑injection weakness. Successful exploitation lets the attacker execute any command with the privileges of the backup process, compromising the device’s confidentiality, integrity, and availability.

Affected Systems

The affected product is the HPE Aruba Networking Fabric Composer. No specific version ranges are indicated in the advisory, so all installations of this product are considered potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity level, while the EPSS score of less than 1% means that exploitation is currently unlikely but still possible. The attack requires authenticated access to the backup interface, limiting the attack surface to users with sufficient privileges. Although the vulnerability is not listed in CISA’s KEV catalog, its potential for arbitrary code execution on the operating system warrants prompt action.

Generated by OpenCVE AI on April 18, 2026 at 02:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the HPE Aruba Networking Fabric Composer patch that addresses the insecure file handling in the backup feature.
  • Restrict access to the backup interface to only trusted, authenticated users and enforce least‑privilege permissions.
  • Monitor system logs for anomalous backup activity or attempts at command injection.

Generated by OpenCVE AI on April 18, 2026 at 02:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Arubanetworks
Arubanetworks fabric Composer
Vendors & Products Arubanetworks
Arubanetworks fabric Composer

Tue, 27 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Description Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
Title Insecure File Handling allows Remote Code Execution in Backup Functionality
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Arubanetworks Fabric Composer
cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-02-27T14:33:27.535Z

Reserved: 2026-01-14T15:40:17.990Z

Link: CVE-2026-23592

cve-icon Vulnrichment

Updated: 2026-01-27T18:43:54.143Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T18:15:56.383

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23592

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:15:05Z

Weaknesses