- 132/2026
- High
HPE Aruba has released security updates to fix several vulnerabilities affecting multiple HPE Aruba products.
The addressed vulnerabilities could allow the remote attacker to perform SQL injection, conduct denial of service attacks, manipulate data, obtain sensitive information, gain elevated privileges, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Error in SSID Processing allows Stored XSS in AOS Web Interface Vulnerability (CVE-2026-23819):
- CVSS: 8.8
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Data Manipulation
2. Unauthenticated Denial-of-Service in Network Protocol Handling Component Vulnerability (CVE-2026-23824):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- HPE Aruba Networking Mobility Conductors/ Controllers.
- HPE Aruba Networking WLAN and SD-WAN Gateways Managed by HPE Aruba Networking Central.
- HPE Aruba Networking Access Points running AOS-8 Instant.
- HPE Aruba Networking Access Points running AOS-10 AP.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.