CVE-2026-23823

HighRCE

Published: 12 May 2026

Published

12 May 2026

Modified

12 May 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score N/A

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23823 is a high-severity Command Injection (CWE-77) vulnerability in Hpe (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

NVD Description

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability…

only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches are not affected by this vulnerability.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-77

Affected Products

Hpe

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05049en_us&docLocale=en_US
security-alert@hpe.com