Cyber Resilience

CVE-2026-23827

High

Published: 12 May 2026

Modified: 15 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0015 (35.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23827 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Arubanetworks Arubaos. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 35.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote code execution via a buffer overflow in an exposed network management service directly enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-44854 · Same product: Arubanetworks Arubaos
CVE-2026-44852 · Same product: Arubanetworks Arubaos
CVE-2026-44862 · Same product: Arubanetworks Arubaos
CVE-2026-44872 · Same product: Arubanetworks Arubaos
CVE-2026-44860 · Same product: Arubanetworks Arubaos
CVE-2026-44869 · Same product: Arubanetworks Arubaos
CVE-2026-23824 · Same product: Arubanetworks Arubaos
CVE-2026-44866 · Same product: Arubanetworks Arubaos
CVE-2026-44871 · Same product: Arubanetworks Arubaos
CVE-2026-44865 · Same product: Arubanetworks Arubaos

Affected Assets

arubanetworks arubaos:
6.5.4.0 — 8.10.0.22 · 8.11.0.0 — 8.12.0.7 · 8.13.0.0 — 8.13.1.2
arubanetworks sd-wan:
8.6.0.4-2.2.0.0 — 8.6.0.4-2.2.0.7 · 8.7.0.0-2.3.0.0 — 8.7.0.0-2.3.0.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References