Session Management Vulnerability in AOS-8 by HPE
CVE-2026-44873

5.4MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Wireless Operating System (aos)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-44873?

AOS-8 is affected by a session management vulnerability that permits users to retain access to the network even after their accounts are administratively disabled. This occurs because existing sessions do not get invalidated upon credential revocation, allowing unauthorized users to exploit this oversight and maintain access until their session expires. Organizations using AOS-8 must address this issue to protect sensitive data and prevent potential breaches.

Affected Version(s)

HPE Aruba Networking Wireless Operating System (AOS) 8.13.0.0 <= 8.13.1.1

HPE Aruba Networking Wireless Operating System (AOS) 8.12.0.0 <= 8.12.0.6

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 7, 2026

Credit

0x50d

CVE-2026-44873 Data

JSON