Cyber Resilience

CVE-2026-44857

High

Published: 12 May 2026

Modified
14 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.5th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-44857 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Arubanetworks Arubaos. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 27.5th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

CWE(s)

CWE-121: Stack-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A stack buffer overflow in the management CLI services allows an authenticated administrator to achieve arbitrary code execution with elevated OS privileges, which directly matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-44855 · Same product: Arubanetworks Arubaos
CVE-2026-44856 · Same product: Arubanetworks Arubaos
CVE-2026-44858 · Same product: Arubanetworks Arubaos
CVE-2026-44859 · Same product: Arubanetworks Arubaos
CVE-2026-23827 · Same product: Arubanetworks Arubaos
CVE-2026-44872 · Same product: Arubanetworks Arubaos
CVE-2026-44860 · Same product: Arubanetworks Arubaos
CVE-2026-23826 · Same product: Arubanetworks Arubaos
CVE-2026-44869 · Same product: Arubanetworks Arubaos
CVE-2026-23824 · Same product: Arubanetworks Arubaos

Affected Assets

arubanetworks / arubaos: 6.5.4.0 to 8.10.0.22 · 8.11.0.0 to 8.12.0.7 · 8.13.0.0 to 8.13.1.2
arubanetworks / sd-wan: 8.6.0.4-2.2.0.0 to 8.6.0.4-2.2.0.7 · 8.7.0.0-2.3.0.0 to 8.7.0.0-2.3.0.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
