Hewlett Packard Enterprise (HPE) security patch release for CVE-2026-23813

Security Patch Release
Happening score (H score): 22
1 unique source, 1 article

Summary

HPE released security updates for Aruba Networking AOS-CX, closing multiple vulnerabilities including authentication and code execution issues on CX-series campus and data center switches. The highest-severity issue is CVE-2026-23813, a critical authentication bypass in the web-based management interface that could let an unauthenticated remote actor reset admin passwords. HPE says it is not aware of public exploit code or abuse in the wild, but administrators can apply temporary mitigations until patches are deployed.

Related Happenings

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
First: 06.05.2026 09:14 Last: 06.05.2026 09:14 Sources 1

About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...

cPanel CVE-2026-41940 mitigation guidance

Advisory/Mitigation
First: 30.04.2026 14:40 Last: 30.04.2026 14:40 Sources 1

About this happening: cPanel issued mitigation guidance for **CVE-2026-41940** after fixes became available for **cPanel, WHM, and WP Squared**, urging customers to restart **cpsrvd** to reduce exposur...

LiteLLM security patch release for CVE-2026-42208

Security Patch Release
First: 29.04.2026 00:07 Last: 29.04.2026 00:07 Sources 1

About this happening: **LiteLLM version 1.83.7** ships a fix for **CVE-2026-42208**, closing a **critical SQL injection** path in the proxy API key verification flow. The release replaces **string conc...

Microsoft out-of-band security update for ASP.NET Core Data Protection (CVE-2026-40372)

Security Patch Release
First: 22.04.2026 11:08 Last: 22.04.2026 11:08 Sources 1

About this happening: **Microsoft** released **out-of-band security updates** for **CVE-2026-40372**, an **ASP.NET Core Data Protection** flaw that could let attackers forge authentication cookies and...

Timeline

  1. 10.03.2026 19:30 2 articles · 2mo ago

    HPE patches Aruba AOS-CX authentication bypass

    Mitigation Patch Update

    Hewlett Packard Enterprise (HPE) releases security updates for Aruba Networking AOS-CX on CX-series campus and data center switch devices, fixing multiple vulnerabilities that include CVE-2026-23813, a critical authentication bypass in the web-based management interface that could let an unauthenticated remote actor bypass authentication and, in some cases, reset admin passwords. HPE also provides temporary mitigations that restrict management traffic, disable unnecessary HTTP(S) interfaces, and enforce Control Plane Access Control Lists (ACLs) while patches are deployed.

  2. 10.03.2026 19:30 1 article · 2mo ago

    HPE says no public exploit code targets Aruba AOS-CX flaws

    Technical Analysis Update

    HPE states that it is not aware of any public discussion or exploit code targeting these specific vulnerabilities as of the advisory release date, and says it has not found publicly available proof-of-concept code or evidence that attackers are abusing the vulnerabilities in the wild.
