CVE-2026-23819

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published May 12, 2026

Vendor unknown

Description

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings.

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05049en_us&docLocale=en_US