AOS-CX Switches allow authenticated attackers to execute arbitrary OS commands

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

AOS-CX Switches allow authenticated attackers to execute arbitrary OS commands

CVE-2026-23816

Summary

AOS-CX Switches have a security weakness that allows a malicious user with a valid login to run any command on the switch's operating system. This could lead to unauthorized access and potentially disrupt network operations. Affected users should update their software as soon as possible to prevent exploitation.

Original title

A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Original description

A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

nvd CVSS3.1 7.2

Vulnerability type

CWE-78 OS Command Injection

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocal...

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026