216.73.216.133

CVE-2026-44863

· Published 12/05/2026 20:16 · Modified 13/05/2026 19:17

Labels: CVE-2026-44863 2026-05-12CVE-2026-44863CWE-89[email protected]

Essential information

Published
12/05/2026 20:16
Modified
13/05/2026 19:17
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hpe / aos-8 cpe:2.3:a:hpe:aos-8:*:*:*:*:*:*:*:*
hpe / aos-10 cpe:2.3:a:hpe:aos-10:*:*:*:*:*:*:*:*

References