Cyber Resilience

CVE-2026-23816

HighRCE

Published: 11 March 2026

Published
11 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.7th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23816 is a high-severity OS Command Injection (CWE-78) vulnerability in Hpe (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked at the 36.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-23816 is a vulnerability in the command line interface of AOS-CX Switches that could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. Classified under CWE-78 (OS Command Injection), it received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) upon publication on March 11, 2026.

The vulnerability can be exploited by an authenticated remote attacker possessing high privileges, such as an administrative user, over the network with low attack complexity and no user interaction required. Successful exploitation enables the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially granting full control over the underlying operating system.

HPE has published a security advisory providing details on the vulnerability and mitigation measures at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US.

EU & UK References

Vulnerability details

A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Why these techniques?

OS command injection in network device CLI directly enables arbitrary command execution via T1059.008.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11730Shared CWE-78
CVE-2026-3828Shared CWE-78
CVE-2025-15518Shared CWE-78
CVE-2026-23820Shared CWE-78
CVE-2025-15519Shared CWE-78
CVE-2024-26012Shared CWE-78
CVE-2026-22222Shared CWE-78
CVE-2026-22224Shared CWE-78
CVE-2025-11005Shared CWE-78
CVE-2026-31177Shared CWE-78

Affected Assets

Hpe
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and sanitization of CLI inputs to block OS command injection attempts that exploit this CVE.

prevent

Enforces disabling or restricting unnecessary CLI commands and OS-level execution paths that enable the arbitrary command execution in this vulnerability.

prevent

Mandates timely application of vendor patches that remediate the OS command injection flaw described in the CVE.

References