🌉 Connect with us in San Francisco for RSAC & BSides SF! Learn More
runZero CAASM

On This Page:

  1. Latest HPE Aruba Networking AOS-CX vulnerabilities: CVE-2026-23813, CVE-2026-23814, CVE-2026-23815, CVE-2026-23816, and CVE-2026-23817
  2. What is HPE Aruba Networking AOS-CX?
  3. What is the impact?
  4. Are updates or workarounds available?
  5. How to find potentially vulnerable systems with runZero

How to find HPE Aruba Networking CX switches on your network

Matthew Kienow
|
Updated

Latest HPE Aruba Networking AOS-CX vulnerabilities: CVE-2026-23813, CVE-2026-23814, CVE-2026-23815, CVE-2026-23816, and CVE-2026-23817 #

HPE disclosed multiple vulnerabilities in specific versions of AOS-CX software:

  • An authentication bypass in the web-based management interface allows unauthenticated admin password reset. Successful exploitation could allow a remote, unauthenticated adversary to circumvent existing authentication controls and, in some instances, reset the administrator password. The vulnerability has been designated CVE-2026-23813 and has been rated critical with a CVSS score of 9.8.
  • An authenticated command injection vulnerability exists due to improper validation of parameters to a certain AOS-CX CLI command. Successful exploitation could allow a remote, low-privilege adversary to inject malicious commands resulting in unwanted behavior. The vulnerability has been designated CVE-2026-23814 and has been rated high with a CVSS score of 8.8.
  • An authenticated command injection vulnerability exists in a custom binary used in AOS-CX CLI for an administrative command. Successful exploitation could allow a remote, high-privilege adversary to perform command injection and execute unauthorized commands. The vulnerability has been designated CVE-2026-23815 and has been rated high with a CVSS score of 7.2.
  • An authenticated OS command injection vulnerability exists in an administrative AOS-CX CLI command. Successful exploitation could allow a remote, high-privilege adversary to execute arbitrary commands directly on the underlying operating system. The vulnerability has been designated CVE-2026-23816 and has been rated high with a CVSS score of 7.2.
  • An unauthenticated open redirect vulnerability exists in the web-based management interface. Successful exploitation could allow a remote, unauthenticated adversary to redirect users to arbitrary, potentially malicious URLs. The vulnerability has been designated CVE-2026-23817 and has been rated medium with a CVSS score of 6.5.

    The following versions are affected

    • AOS-CX 10.10.xxxx versions prior to 10.10.1180
    • AOS-CX 10.13.xxxx versions prior to 10.13.1161
    • AOS-CX 10.16.xxxx versions prior to 10.16.1030
    • AOS-CX 10.17.xxxx versions prior to 10.17.1001

    What is HPE Aruba Networking AOS-CX? #

    HPE Aruba Networking AOS-CX is a network operating system built on a modular Linux architecture that utilizes a state-database design and REST APIs to enable automated configuration and embedded system-level visibility.

    What is the impact? #

    Successful exploitation of the vulnerabilities allows an adversary to bypass authentication controls and potentially execute arbitrary commands on the underlying operating system of the vulnerable device.

    Are updates or workarounds available? #

    Users are encouraged to update to the latest version as quickly as possible:

    • AOS-CX 10.10.xxxx upgrade to version 10.10.1180 and later
    • AOS-CX 10.13.xxxx upgrade to version 10.13.1161 and later
    • AOS-CX 10.16.xxxx upgrade to version 10.16.1030 and later
    • AOS-CX 10.17.xxxx upgrade to version 10.17.1001 and later

    How to find potentially vulnerable systems with runZero #

    From the Asset Inventory, use the following query to locate potentially impacted assets:

    hw:="HPE Aruba CX%" AND protocol:http

    Written by Matthew Kienow

    Matthew Kienow is a software engineer and security researcher. Matthew previously worked on the Recog recognition framework, AttackerKB as well as Metasploit's MSF 5 APIs. He has also designed, built, and successfully deployed many secure software solutions; however, often he enjoys breaking them instead. He has presented his research at various security conferences including DerbyCon, Hack In Paris, and CarolinaCon. His research has been cited by CSO, Threatpost and SC Magazine.

    More about Matthew Kienow
    Subscribe Now

    Get the latest news and expert insights delivered in your inbox.

    Welcome to the club! Your subscription to our newsletter is successful.

    Explore more

    Watch Now • On Demand
    Vulnerability management is broken: what's the fix?

    HD Moore and Omdia analyst Rik Turner discuss why traditional vulnerability management is struggling in modern IT infrastructures, why CVEs don’t tell the full story, and why prioritization alone isn’t enough to close critical security gaps.

    Watch Now
    runZero Hour, Episode 17
    The State of Vuln Management, Our Approach, and a Deep Dive into New Risk Findings
    On this special edition of runZero Hour, join VP of Security Research Tod Beardsley and Security Research Director Rob King for a deep dive into the future of exposure management.
    Watch Now
    Product Release
    Tackling the New Era of Exposure Management
    Fixing what’s broken with legacy tools and overcoming decades-old problems requires a new approach. Dive into how we do it at runZero.
    Read More
    Webcast
    The Unreasonable Effectiveness of Inside Out Attack Surface Management
    HD Moore, founder of runZero (and previously Metasploit), presents new research that will forever redefine how you approach attack surface management.
    Watch Now

    See Results in Minutes

    See & secure your total attack surface. Even the unknowns & unmanageable.

    Try runZero for Free
    runZero CAASM
    © Copyright 2026 runZero, Inc. All Rights Reserved