CVE-2026-23813

CRITICAL

HPE AOS-CX Unauthenticated Authentication Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-23813. PoCs published by offseckit.

AI-analyzed exploit summary

This repository contains a functional exploit PoC for CVE-2026-23813, an authentication bypass vulnerability in HPE Aruba Networking AOS-CX. The exploit leverages an over-permissive nginx regex to smuggle a 'login' token, allowing unauthenticated access to the REST API and disclosure of the admin credential hash.
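The bug class named in the summary, an nginx regex location that exempts the login endpoint from authentication but is not anchored, is easy to reason about with a small model. The block below is an added example and is not code from this page, from HPE, or from the offseckit repository: the patterns, handler names and request paths are constructed for illustration, since the page does not reproduce the real AOS-CX nginx configuration or REST API routes. It shows why an unanchored `location ~` pattern routes any URI that merely contains the token to the unauthenticated handler, and that anchoring the pattern closes that path while leaving the real login endpoint reachable.

```python
import posixpath
import re

# Added example (not code from the page or from the offseckit repository):
# models how an nginx `location ~ <regex>` rule that exempts the login
# endpoint from authentication misroutes requests when the regex is not
# anchored. Patterns, handler names and request paths are constructed for
# illustration; the real AOS-CX configuration and routes are not on the page.

# nginx regex locations use PCRE *search* semantics: without ^ and $ the
# pattern matches anywhere in the request URI, not just the whole path.
LOOSE_EXEMPT_PATTERN = r"/login"                               # weak
STRICT_EXEMPT_PATTERN = r"^/rest/v[0-9]+(?:\.[0-9]+)?/login$"  # anchored


def uri_path(request_target):
    """Approximate the URI nginx matches `location` blocks against: the query
    string is dropped, duplicate slashes are merged (merge_slashes is on by
    default) and dot segments are resolved."""
    path = request_target.split("?", 1)[0]
    path = re.sub(r"/{2,}", "/", path)
    return posixpath.normpath(path)


def is_exempt(pattern, request_target):
    """True if the regex location would send this request to the
    unauthenticated login handler instead of the authenticated API."""
    return re.search(pattern, uri_path(request_target)) is not None


def gateway_decision(pattern, request_target, has_session):
    """Model of the front-end proxy: exempted URIs skip the session check,
    everything else needs a valid session."""
    if is_exempt(pattern, request_target):
        return "login-handler"
    return "api" if has_session else "401"


# Constructed probe URIs (not real AOS-CX endpoints).
PROBES = [
    "/rest/v10.04/login",                        # intended public endpoint
    "/rest/v10.04/system/users/admin",           # must require a session
    "/rest/v10.04/system/users/admin/login",     # token smuggled in the path
    "/rest/v10.04/login/../system/users/admin",  # collapsed by normalisation
]


def compare_patterns(has_session=False):
    """Route each probe through the loose and the anchored configuration and
    return {probe: (loose_decision, strict_decision)}."""
    return {
        probe: (
            gateway_decision(LOOSE_EXEMPT_PATTERN, probe, has_session),
            gateway_decision(STRICT_EXEMPT_PATTERN, probe, has_session),
        )
        for probe in PROBES
    }


if __name__ == "__main__":
    for probe, (loose, strict) in compare_patterns().items():
        print(f"{probe:45} loose={loose:14} strict={strict}")
```

Two details of the model matter in practice: nginx matches locations against the normalised URI, so the dot-segment probe collapses before either regex sees it, while the substring probe survives normalisation and is the one the unanchored pattern lets through. For a fixed endpoint, `location = /rest/v10.04/login` (exact match) avoids regex search semantics altogether.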

Description

A vulnerability in the web-based management interface of AOS-CX switches could allow an unauthenticated remote attacker to bypass the existing authentication controls. In some cases this could enable resetting the admin password.

Exploits (1)

github · WORKING POC
by offseckit · python · poc
https://github.com/offseckit/CVE-2026-23813

Classification
Working PoC (100%)
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: HPE Aruba Networking AOS-CX (versions ≤ 10.17.0001, ≤ 10.16.1020, ≤ 10.13.1160, ≤ 10.10.1170)
No auth needed
Prerequisites: Network access to the target AOS-CX device · Python 3.8+ with the 'requests' library
Analyzed by devstral-2 on May 23, 2026

Scores

CVSS v3 9.8
EPSS 0.0073
EPSS Percentile 49.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-287
Status published
Products (5)
Hewlett Packard Enterprise (HPE)/AOS-CX 10.10.0000 - 10.10.1170
Hewlett Packard Enterprise (HPE)/AOS-CX 10.13.0000 - 10.13.1101
Hewlett Packard Enterprise (HPE)/AOS-CX 10.13.0000 - 10.13.1160
Hewlett Packard Enterprise (HPE)/AOS-CX 10.16.0000 - 10.16.1020
Hewlett Packard Enterprise (HPE)/AOS-CX 10.17.0000 - 10.17.0001
Published Mar 11, 2026
Tracked Since Mar 11, 2026