By Divya
Publication Date: 2026-03-03 11:42:00
Hewlett Packard Enterprise (HPE) has revealed a remote control authentication bypass vulnerability in HPE AutoPass License Server (APLS) that could allow unauthenticated attackers to bypass network login controls.
The issue is tracked as CVE-2026-23600 and was fixed in APLS 9.19 and later.
| Article | Details |
|---|---|
| supplier newsletter | HPESBGN05003 rev.1 (Security Bulletin), initially published February 27, 2026; last updated on February 28, 2026. |
| CVE | CVE-2026-23600 (NVD entry available). |
| Impact | Remote authentication bypass (unauthorized access without valid credentials). |
| Affected / Fixed | APLS versions prior to 9.19 are affected; Please upgrade to APLS 9.19 or later to fix it. |
Technical details
HPE claims the vulnerability exists on the HPE AutoPass License Server (APLS) and “could be remotely exploited to allow authentication bypass,” meaning that an attacker could achieve protected functionality without completing normal authentication.
HPE associates the issue with CVE-2026-23600 and gives it a score of 7.3…
