cvedb.io
CVE-2026-44873
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2026-05-12T20:16:45.907 · Last modified 2026-06-17T10:51:28.043

Summary

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled.

Affected products

arubanetworks — arubaos

Does this affect you?

Add your gear to cvedb and we'll alert you only when arubanetworks ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.