Week 11 – Aruba AOS-CX: Admin Access Without Login

09 – 15 Mar 2026

Hewlett Packard Enterprise has published an urgent security advisory addressing a critical vulnerability (CVE-2026-23813), which is our new CVE of the Week.

The vulnerability affects the Aruba Networking AOS-CX operating system used on CX-series campus and data center switches. This flaw is particularly concerning for enterprise environments because it allows unauthenticated attackers to bypass authentication controls and, in some cases, reset the admin password on affected switches.

  • It resides in the web-based management interface of Aruba AOS-CX switches.
  • An attacker with no credentials and no user interaction can exploit it remotely over the network.
  • Exploitation could lead to unauthorized administrative access, complete control over switch configurations, and downstream compromise of core network infrastructure.
  • The flaw carries an extremely high severity rating — CVSS 9.8/10 — reflecting its potential impact on confidentiality, integrity and availability.

Network switches are foundational elements of the enterprise environment. They enforce segmentation, carry critical traffic, and serve as control points between segments like datacenter, campus, and DMZ. Losing control over these devices can result in:

  • Unauthorized network configuration changes
  • Exposure of internal network topology
  • Interception or manipulation of traffic flows
  • Lateral movement opportunities for attackers

Even if exploit code hasn’t been seen in the wild yet, the vulnerability’s characteristics make it an attractive target for opportunistic attackers if left unpatched.

Apply the latest security updates for AOS-CX switches as soon as possible!

If immediate patching isn’t feasible, implement interim mitigations such as:

  • Isolating management interfaces on dedicated VLANs or segments
  • Restricting access to trusted hosts via Layer-3 controls or ACLs
  • Disabling unnecessary HTTP(S) interfaces
  • Enforcing detailed logging/monitoring of management access attempts
  • Applying control-plane ACLs to REST/HTTPS management endpoints

These steps help reduce attack exposure while you coordinate timely updates.
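One way to verify the HTTP(S) and control-plane ACL mitigations across collected switch configurations, as an added example that is not part of the HPE advisory or the original post: the script flags every VRF where the HTTPS/REST server is enabled without a control-plane ACL that denies tcp/443. It assumes AOS-CX-style `https-server vrf` and `apply access-list ip ... control-plane vrf` lines; the sample config, ACL name and addresses are constructed.

```python
import re

# Constructed sample in AOS-CX running-config style (names and addresses are made up).
SAMPLE_CONFIG = """\
hostname edge-sw-01
https-server vrf mgmt
https-server vrf default
access-list ip MGMT-HTTPS
    10 permit tcp 192.0.2.0/255.255.255.0 any eq 443
    20 deny tcp any any eq 443
    30 permit any any any
apply access-list ip MGMT-HTTPS control-plane vrf mgmt
"""

def parse_acls(config):
    """Map each 'access-list ip NAME' header to its indented entry lines."""
    acls, current = {}, None
    for line in config.splitlines():
        header = re.match(r"access-list ip (\S+)[ \t]*$", line)
        if header:
            current = header.group(1)
            acls[current] = []
        elif current and line[:1] in (" ", "\t") and line.strip():
            acls[current].append(line.strip())
        else:
            current = None  # any unindented line closes the ACL body
    return acls

def audit_https_exposure(config):
    """Return {vrf: finding} for every VRF with the HTTPS/REST server enabled."""
    acls = parse_acls(config)
    https_vrfs = re.findall(r"^https-server vrf (\S+)[ \t]*$", config, re.M)
    applied = {vrf: acl for acl, vrf in re.findall(
        r"^apply access-list ip (\S+) control-plane vrf (\S+)[ \t]*$", config, re.M)}
    findings = {}
    for vrf in https_vrfs:
        acl = applied.get(vrf)
        # Heuristic: the ACL must contain a deny covering tcp/443 or all traffic.
        denies = any(re.search(r"\bdeny\b.*(eq 443|any any)$", e)
                     for e in acls.get(acl, []))
        if acl is None:
            findings[vrf] = "EXPOSED: no control-plane ACL"
        elif not denies:
            findings[vrf] = f"WEAK: {acl} never denies tcp/443"
        else:
            findings[vrf] = f"OK: restricted by {acl}"
    return findings

if __name__ == "__main__":
    for vrf, finding in audit_https_exposure(SAMPLE_CONFIG).items():
        print(f"vrf {vrf}: {finding}")
```

The deny check is a text heuristic, so confirm any `OK` result against the ACL's actual permit entries and the CLI syntax of the AOS-CX release in use.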

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.