CVE-2026-23823
Published: 12 May 2026
Summary
CVE-2026-23823 is a high-severity Command Injection (CWE-77) vulnerability in Hpe (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 49.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-29739
Vulnerability details
A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability…
more
only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches are not affected by this vulnerability.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authenticated remote command injection in the AP CLI directly enables arbitrary OS command execution via Unix shell.
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.