Denial of Service Vulnerability in AOS-8 DHCP Services by HPE
CVE-2026-23822

5.3MEDIUM

Key Information:

Vendor: HP (HP)
Status: Arubaos (aos)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-23822?

A vulnerability exists in the XML processing of the AOS-8 DHCP services, which may allow an unauthenticated remote attacker to cause a denial of service. By exploiting this weakness, an attacker can induce excessive resource consumption during user interactions, ultimately leading to service interruptions and diminished availability for affected systems. This issue specifically impacts Access Points operating on AOS Instant 8.x.x.x.

Affected Version(s)

ArubaOS (AOS) 8.13.0.0 <= 8.13.1.1

ArubaOS (AOS) 8.12.0.0 <= 8.12.0.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Jan 16, 2026

Credit

Nicholas Starke

CVE-2026-23822 Data

JSON

HP (HP)

What is CVE-2026-23822?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit