Description
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
Published: 2026-05-12
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can trigger a denial of service by sending specially crafted network packets to the AOS‑8 Network Management Service, causing its process to terminate unexpectedly and disrupting normal device operations. This loss of service availability directly affects the reliability of affected devices.

Affected Systems

The vulnerability impacts Hewlett Packard Enterprise’s Aruba Networking Wireless Operating System, version AOS‑8. No specific patch levels are listed, so all releases of this version are potentially affected.

Risk and Exploitability

Based on the description, it is inferred that the attack vector is remote, requiring network connectivity to the vulnerable service. The CVSS score of 7.5 indicates a moderate‑to‑high severity. The EPSS score of less than 1% suggests a very low probability of exploitation in the wild, though the vulnerability can be exercised simply by generating malicious packets from any remote host without authentication. It is not currently listed in the CISA KEV catalog, suggesting that public exploitation may not be widespread yet. An attacker only needs to send tailored packets to achieve a service crash.

Generated by OpenCVE AI on May 13, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the HPE Aruba Networking AOS‑8 patch or upgrade to the latest version as detailed in the vendor advisory.
  • Ensure that the firmware update incorporates robust memory‑allocation handling to mitigate memory exhaustion (CWE‑770) weaknesses.
  • Configure firewalls or network segmentation to limit inbound traffic to the Network Management Service to trusted sources.
  • Monitor device logs for abnormal packet patterns or repeated service failures and promptly investigate any suspected abuse.

Generated by OpenCVE AI on May 13, 2026 at 20:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Arubanetworks
Arubanetworks arubaos
Arubanetworks sd-wan
CPEs cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Vendors & Products Arubanetworks
Arubanetworks arubaos
Arubanetworks sd-wan

Wed, 13 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Hpe
Hpe arubaos
Vendors & Products Hpe
Hpe arubaos

Tue, 12 May 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Tue, 12 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
Title Unauthenticated Denial of Service in AOS-8 Network Management Service
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Arubanetworks Arubaos Sd-wan
Hpe Arubaos
cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-05-13T15:45:23.514Z

Reserved: 2026-01-16T15:22:49.225Z

Link: CVE-2026-23826

cve-icon Vulnrichment

Updated: 2026-05-13T15:43:51.566Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:31.683

Modified: 2026-05-15T12:44:58.460

Link: CVE-2026-23826

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T20:45:04Z

Weaknesses