Critical SQL Injection Vulnerabilities in AOS-8 and AOS-10 Exposed

Critical SQL Injection Vulnerabilities in AOS-8 and AOS-10 Exposed

First seen 15 Jul 2026, 01:41 UTC Notcvecwe.mitre.orgwww.tenable.comnvd.nist.gov 91% similarity 64.5

Article Content

Browse articles
ThreatCluster

CVE-2026-44861 details SQL injection vulnerabilities in AOS-8 and AOS-10 command-line interfaces. These vulnerabilities allow authenticated attackers with administrative privileges to inject malicious input into unsanitized parameters, potentially executing arbitrary commands on the underlying operating system. The vulnerabilities affect several underlying service components, posing a significant risk to systems utilizing these interfaces. The CVE was published on 2026-05-12, and as of now, no patches have been reported. Organizations using AOS-8 and AOS-10 are advised to assess their exposure and implement necessary security measures.

Key Points: • CVE-2026-44861 exposes SQL injection vulnerabilities in AOS-8 and AOS-10. • Authenticated attackers can exploit these vulnerabilities to execute arbitrary commands. • No patches have been reported as of the latest updates on 2026-07-14.

ThreatCluster AI

Timeline

2026-05-12
CVE-2026-44861 published
SQL injection vulnerabilities disclosed affecting AOS-8 and AOS-10 command-line interfaces.
Tenable
2026-07-14
Vulnerability details confirmed
Multiple sources report on the SQL injection vulnerabilities and their potential impact on system security.
NVD
2026-07-14
Vulnerability awareness raised
Security professionals alerted to the risks associated with CVE-2026-44861 and the lack of available patches.
Notcve

Community

Browse all →