Cyber Resilience

CVE-2026-23814

HighRCE

Published: 11 March 2026

Published
11 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0055 41.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-23814 is a high-severity Command Injection (CWE-77) vulnerability in Hpe (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked at the 41.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23814 is a command injection vulnerability (CWE-77) in the command parameters of a certain AOS-CX CLI command. This issue affects AOS-CX software and was published on 2026-03-11 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A low-privilege authenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation allows the injection of malicious commands, resulting in unwanted behavior with high impacts to confidentiality, integrity, and availability.

The HPE security advisory provides details on mitigation and patches at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

CVE enables command injection in AOS-CX CLI (network device), directly facilitating T1059.008 (Network Device CLI) and T1210 (Exploitation of Remote Services).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-46427Shared CWE-77
CVE-2024-57224Shared CWE-77
CVE-2025-46428Shared CWE-77
CVE-2026-21638Shared CWE-77
CVE-2025-59470Shared CWE-77
CVE-2026-5339Shared CWE-77
CVE-2025-2730Shared CWE-77
CVE-2024-48419Shared CWE-77
CVE-2026-2534Shared CWE-77
CVE-2026-2193Shared CWE-77

Affected Assets

Hpe
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates command injection by requiring validation of CLI command parameters to block malicious inputs.

prevent

Addresses the vulnerability through timely flaw remediation, including applying vendor patches for the AOS-CX CLI command injection.

prevent

Limits impact of exploitation by low-privilege attackers by enforcing least privilege on CLI command execution.

References