CVE-2026-23815
Published: 11 March 2026
Summary
CVE-2026-23815 is a high-severity Command Injection (CWE-77) vulnerability affecting HPE (vendor inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE ranks in the top 39.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-23815 is a command injection vulnerability (CWE-77) in a custom binary used in the CLI of AOS-CX Switches. Published on 2026-03-11T04:17:35.080, it has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
An authenticated remote attacker with high privileges can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables the attacker to execute unauthorized commands on the affected switch, resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are provided in the HPE security advisory at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-11075
Vulnerability details
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in network device CLI directly enables arbitrary command execution (T1059.008) via exploitation of a remotely accessible management interface (T1190).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires validation and sanitization of CLI inputs to block command injection payloads in the custom binary.
Enforces least privilege so that even authenticated users lack the high-privilege context needed to reach the vulnerable code path.
Enforces access-control policy that can restrict which commands an authenticated session is allowed to execute on the switch.