Cyber Resilience

CVE-2026-23815

High · RCE

Published: 11 March 2026

Modified: 11 March 2026
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0039 (60.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23815 is a high-severity Command Injection (CWE-77) vulnerability in an HPE product (vendor inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE is ranked in the top 39.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-23815 is a command injection vulnerability (CWE-77) in a custom binary used in the CLI of AOS-CX Switches. Published on 2026-03-11T04:17:35.080, it has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

An authenticated remote attacker with high privileges can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables the attacker to execute unauthorized commands on the affected switch, resulting in high impacts to confidentiality, integrity, and availability.

Mitigation details are provided in the HPE security advisory at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US.

Vulnerability details

A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands.

CWE(s): CWE-77 (Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059.008 Network Device CLI (tactic: Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Command injection in a network device CLI directly enables arbitrary command execution (T1059.008) via exploitation of a remotely accessible management interface (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-57536 · Shared CWE-77
CVE-2024-57228 · Shared CWE-77
CVE-2025-50756 · Shared CWE-77
CVE-2024-57211 · Shared CWE-77
CVE-2026-38835 · Shared CWE-77
CVE-2024-57227 · Shared CWE-77
CVE-2025-55848 · Shared CWE-77
CVE-2026-31255 · Shared CWE-77
CVE-2025-25632 · Shared CWE-77
CVE-2026-26791 · Shared CWE-77

Affected Assets

HPE
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly requires validation and sanitization of CLI inputs to block command injection payloads in the custom binary.

Prevent: Enforces least privilege so that even authenticated users lack the high-privilege context needed to reach the vulnerable code path.

Prevent: Enforces access-control policy that can restrict which commands an authenticated session is allowed to execute on the switch.