HPE Aruba Networking has released a security advisory urging administrators to patch their Fabric Composer software immediately, addressing a trio of vulnerabilities including a high-severity remote code execution flaw. The most alarming vulnerability is CVE-2026-23592, which targets the system’s backup functionality and could allow an authenticated attacker to execute arbitrary commands on the underlying operating system.
The update also patches a high-severity OpenSSL flaw, CVE-2024-4741, described as a Use After Free vulnerability in the SSL_free_buffers function. A third flaw, CVE-2026-23593, is a medium-severity information disclosure affecting the web-based management interface and could let an unauthenticated remote attacker read files within the affected directory. HPE Aruba Networking has released version 7.3.0 of Fabric Composer, with guidance to upgrade to 7.x.x: 7.3.0 and above to resolve the described vulnerabilities.
For organisations unable to patch immediately, the firm recommends strict network segmentation, including restricting management interfaces to a dedicated layer 2 segment or VLAN and applying firewall controls at layer 3 and above.