CVE-2026-23814, scored 8.8, requires only low-level authenticated access. A remote attacker with minimal privileges could inject malicious commands through parameters in a CLI command, resulting in unwanted behavior, the advisory said. Italy’s National Cybersecurity Agency discovered and reported the flaw.
The other two CLI flaws, CVE-2026-23815 and CVE-2026-23816, both scored 7.2, need higher administrative privileges but still let an authenticated attacker run arbitrary commands on the underlying operating system, the advisory said. A fifth vulnerability, CVE-2026-23817, rated medium at 6.5, lets an unauthenticated attacker redirect users to an arbitrary URL through the web management interface.
“Exploitation of this Aruba vulnerability potentially gives attackers full control of AOS-CX network devices and the ability to compromise an entire system undetected,” said Ross Filipek, CISO at Corsica Technologies. “A successful compromise could lead to the disruption of network communications or the erosion of the integrity of key business services. This flaw is a reminder that vulnerabilities in network devices are becoming more common in today’s hyper-connected world. When attackers gain privileged access to these devices, it puts organizations at significant risk.”
