CVE-2026-23825 HIGH

CVE-2026-23825: Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Component

Vendor Hewlett Packard Enterprise (Hpe)
Product HPE Aruba Networking Wireless Operating System (AOS)
Published May 12, 2026
Last update May 13, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.

Key dates

02Disclosure timeline

May 12, 2026 CVE published
May 13, 2026 Record updated