CVE-2026-23814, scored 8.8, requires solely low-level authenticated entry. A distant attacker with minimal privileges might inject malicious instructions via parameters in a CLI command, leading to undesirable conduct, the advisory mentioned. Italy’s Nationwide Cybersecurity Company found and reported the flaw.
The opposite two CLI flaws, CVE-2026-23815 and CVE-2026-23816, each scored 7.2, want increased administrative privileges however nonetheless let an authenticated attacker run arbitrary instructions on the underlying working system, the advisory mentioned. A fifth vulnerability, CVE-2026-23817, rated medium at 6.5, lets an unauthenticated attacker redirect customers to an arbitrary URL via the online administration interface.
“Exploitation of this Aruba vulnerability doubtlessly offers attackers full management of AOS-CX community units and the flexibility to compromise a whole system undetected,” mentioned Ross Filipek, CISO at Corsica Applied sciences. “A profitable compromise might result in the disruption of community communications or the erosion of the integrity of key enterprise providers. This flaw is a reminder that vulnerabilities in community units have gotten extra frequent in at this time’s hyper-connected world. When attackers achieve privileged entry to those units, it places organizations at vital threat.”
