Description
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
Published: 2026-05-12
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can trigger a denial of service by sending specially crafted network packets to the AOS-8 Network Management Service, causing its process to terminate unexpectedly and disrupting normal device operations. This loss of service availability directly affects the reliability of affected devices.

Affected Systems

The vulnerability impacts Hewlett Packard Enterprise’s Aruba Networking Wireless Operating System, version AOS-8. No specific patch levels are listed, so all releases of this version are potentially affected.

Risk and Exploitability

Based on the description, it is inferred that the attack vector is remote, requiring network connectivity to the vulnerable service. The CVSS score of 7.5 indicates a moderate-to-high severity. Although no EPSS score is available, the vulnerability can be exercised simply by generating malicious packets from any remote host without authentication. It is not currently listed in the CISA KEV catalog, suggesting that public exploitation may not be widespread yet. An attacker only needs to send tailored packets to achieve a service crash.

Generated by OpenCVE AI on May 12, 2026 at 21:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or update to the latest AOS‑8 version as documented in the HPE advisory.
  • Configure firewall or network segmentation rules to limit inbound traffic to the Network Management Service only to trusted hosts.
  • Monitor device logs for abnormal packet patterns or repeated service failures, and investigate any suspected abuse.

Generated by OpenCVE AI on May 12, 2026 at 21:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Tue, 12 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
Title Unauthenticated Denial of Service in AOS-8 Network Management Service
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-05-12T18:53:47.735Z

Reserved: 2026-01-16T15:22:49.225Z

Link: CVE-2026-23826

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T20:16:31.683

Modified: 2026-05-12T20:16:31.683

Link: CVE-2026-23826

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T21:15:29Z

Weaknesses