CVE-2026-23825: Unauthenticated DoS in AOS-8, AOS-10 Operating Systems
The National Vulnerability Database has detailed CVE-2026-23825, a high-severity vulnerability (CVSS 7.5) affecting the protocol-handling components of AOS-8 and AOS-10 Operating Systems. This flaw allows an unauthenticated attacker to trigger a denial-of-service (DoS) condition by sending specially crafted network messages. The root cause is insufficient input validation, which can terminate critical system processes upon successful exploitation.
This isn’t a complex attack. The fact that it’s unauthenticated and network-exploitable makes it a low-friction target for any actor looking to disrupt operations. A simple DoS can cripple network services, impacting business continuity, and potentially mask more sophisticated lateral movement or data exfiltration attempts. Defenders need to recognize that even a basic DoS can have significant downstream effects.
While specific affected products were not detailed by the National Vulnerability Database, organizations utilizing AOS-8 or AOS-10 should prioritize identifying all instances of these operating systems within their infrastructure. This vulnerability represents a clear and present risk to network availability and must be addressed with urgency.
What This Means For You
- If your organization relies on AOS-8 or AOS-10 Operating Systems, you have an unauthenticated DoS vulnerability exposed directly to the network. Identify all deployments running these OS versions immediately. Monitor vendor advisories for CVE-2026-23825 and apply patches or workarounds as soon as they are available. Network segmentation and robust intrusion prevention systems should be reviewed as interim mitigation.
🛡️ Detection Rules
2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-23825: Unauthenticated DoS via Malformed Network Message in AOS
```yaml
# Title is quoted because a plain YAML scalar cannot contain ": "
title: 'CVE-2026-23825: Unauthenticated DoS via Malformed Network Message in AOS'
id: scw-2026-05-12-ai-1
status: experimental
level: high
description: |
  Detects potential exploitation attempts of CVE-2026-23825 by identifying network traffic destined for common web ports (80, 443) originating from any IP address and being denied by the firewall. This rule is a proxy for detecting the initial network probe or exploit attempt targeting the vulnerable protocol-handling component in AOS-8 and AOS-10 operating systems, which could lead to a denial-of-service condition.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-23825/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: firewall
detection:
  selection:
    dst_port:
      - 80
      - 443
    # cidr modifier so the value is matched as a network, not as a literal string
    src_ip|cidr:
      - '0.0.0.0/0'
    action:
      - 'deny'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
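The rule's selection matches every denied connection to ports 80 and 443, so the sketch below evaluates it over constructed firewall events and then narrows the hits to destinations in an AOS asset inventory with a per-source threshold. It is an added example, not part of the page's rule set; the `dst_ip` field, the inventory addresses and the threshold are assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: addresses of AOS-8/AOS-10 devices taken from your own inventory
# (documentation-range placeholders, not values from the advisory).
AOS_INVENTORY = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.32/28")]
RULE_PORTS = {80, 443}  # dst_port values from the Sigma rule
THRESHOLD = 3           # assumed: scoped denies per source before alerting


def ev(src, dst, port, action):
    """Build one firewall event; dst_ip is an assumed field the rule does not use."""
    return {"src_ip": src, "dst_ip": dst, "dst_port": port, "action": action}


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = (
    [ev("198.51.100.7", "192.0.2.10", 443, "deny")] * 3
    + [ev("198.51.100.7", "192.0.2.33", 80, "deny")]
    + [ev("203.0.113.5", "192.0.2.200", 443, "deny")] * 2
    + [ev("203.0.113.9", "192.0.2.10", 443, "allow"),
       ev("203.0.113.9", "192.0.2.10", 22, "deny"),
       ev("203.0.113.9", "192.0.2.10", 80, "deny")]
)


def matches_rule(event):
    """The published selection: denied traffic to 80/443 from any source."""
    return event["action"] == "deny" and event["dst_port"] in RULE_PORTS


def targets_aos(event):
    """True when the destination is one of the inventoried AOS addresses."""
    dst = ipaddress.ip_address(event["dst_ip"])
    return any(dst in net for net in AOS_INVENTORY)


def scoped_alerts(events, threshold=THRESHOLD):
    """Sources with at least `threshold` rule matches against AOS hosts."""
    hits = Counter(e["src_ip"] for e in events if matches_rule(e) and targets_aos(e))
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    raw = sum(matches_rule(e) for e in SAMPLE_EVENTS)
    print(f"unscoped rule matches: {raw}")
    print(f"scoped alerts: {scoped_alerts(SAMPLE_EVENTS)}")
```

Denied traffic remains a proxy signal: it shows probing that the firewall stopped, not a message that reached the protocol-handling component.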
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-23825 | DoS | AOS-8 Operating Systems |
| CVE-2026-23825 | DoS | AOS-10 Operating Systems |
| CVE-2026-23825 | DoS | Protocol-handling component with insufficient input validation |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 12, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.