Unauthenticated Remote Disclosure of Cryptographic Secrets
Summary
| CVE | CVE-2026-44877 |
|---|---|
| State | PUBLISHED |
| Assigner | hpe |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-07 20:16:28 UTC |
| Updated | 2026-07-07 21:17:25 UTC |
| Description | An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system. |
Risk And Classification
Primary CVSS: v3.1 6.5 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.002770000 probability, percentile 0.194890000 (date 2026-07-08)
Problem Types: CWE-200 | CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | CNA | CVSS | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Hewlett Packard Enterprise HPE | HPE Networking Instant On | affected 3.0.0 3.3.3 semver | Switch Model 1830, Switch Model 1930, Switch Model 1960 |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.hpe.com/hpesc/public/docDisplay | [email protected] | support.hpe.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Aaron P. Davis (en)
There are currently no legacy QID mappings associated with this CVE.