By AnuPriya
Publication Date: 2026-03-03 12:34:00
Hewlett Packard Enterprise (HPE) recently disclosed a serious flaw in its AutoPass License Server (APLS) that allows remote attackers to completely bypass login checks.
Registered as CVE-2026-23600, this authentication bypass vulnerability allows unauthenticated users to access protected functions over the network without valid credentials.
HPE published details in security bulletin HPSBGN05003 (rev.1) on February 27, 2026, with an update the next day. The issue affects APLS versions prior to 9.19.
Attackers only need access to the network, which makes exploitation simple. An anonymous researcher responsibly reported the flaw to HPE through Trend Micro's Zero-Day Initiative.
Vulnerability details
The core problem lies in the APLS authentication logic, which allows attackers to access sensitive functions without proper verification.
HPE gives it a score of 7.3 out of 10 on the CVSS v3.1 scale (high severity).
The vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L shows that it is remotely…