SecAlerts
CVE ListPricingSign Up
Aruba logo

Aruba

Security Risk Profile

53
/100
medium

Security Risk Score

Comprehensive risk assessment based on 38 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from February 14, 2007 to present

38
Total CVEs
25
Critical+High
0
Exploited
24
Unpatched

Threat Assessment

Avg CVSS
7.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
24
Critical/High
Risk Level
53/100
medium
📈 7 in Last 30 Days

Severity Distribution

Critical
7
High
18
Medium
12
Low
1

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
6

Age Distribution

Common Weaknesses (CWE)

1
Command Injection
10
2
XSS
4
3
OS Command Injection
3
4
Path Traversal
3
5
Buffer Overflow
2

Most Affected Products

1. Arubanetworks Arubaos49
2. Aruba ArubaOS12
3. Aruba Aruba Instant11
4. Aruba Mobility Controller10
5. Arubanetworks Sd-wan6

Recent Vulnerabilities

See more →
CVE-2026-44871
CVSS 8.8high

Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems

5/12/2026🔧 No Patch
CVE-2026-44873
CVSS 5.4medium

Insufficient Session Invalidation on User Account Deactivation in AOS-8 Operating System

5/12/2026🔧 No Patch
CVE-2026-23825
CVSS 7.5high

Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Component

5/12/2026🔧 No Patch
CVE-2026-23823
CVSS 7.2high

Authenticated Command Injection leads to RCE in AOS-10 CLI Command

5/12/2026🔧 No Patch
CVE-2026-23822
CVSS 5.3medium

Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service

5/12/2026🔧 No Patch
CVE-2026-23821
CVSS 7.2high

Inconsistent input filtering allows Authenticated Command Injection in AOS-10 CLI

5/12/2026🔧 No Patch
CVE-2026-23819
CVSS 8.8high

Error in SSID Processing allows Stored XSS in Web Management Interface

5/12/2026🔧 No Patch
CVE-2026-1924
CVSS 4.3medium

Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset

4/10/2026🔧 No Patch
CVE-2026-23813
CVSS 9.8critical

Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset

3/11/2026🔧 No Patch
CVE-2025-11706
CVSS 6.1medium

Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting

2/19/2026🔧 No Patch

Monitor Aruba in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

Aruba Security Vulnerabilities & Risk Score | 38 CVEs | SecAlerts - SecAlerts