By Abinaya
Publication Date: 2026-03-04 08:42:00
A security bulletin has been issued regarding a vulnerability in the AutoPass License Server (APLS) that could allow attackers to remotely bypass authentication controls.
The issue is tracked as CVE-2026-23600 and is considered major with a CVSS base score of 7.3.
According to HPE, the flaw could be exploited over the network without requiring privileges or user interaction. allowing an authentication bypass.
In practice, if an APLS instance is accessible from untrusted networks, an attacker can access protected functions without valid credentials.
Potentially leads to exposure or manipulation of license-related operations and associated server data.
| CVE | Product | Affected versions | Impact | Vector CVSS v3.1 | CVSS score |
|---|---|---|---|---|---|
| CVE-2026-23600 | HPE AutoPass License Server (APLS) | Before 9.19 | Remote Authentication Bypass | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 7.3 |
HPE credits “anonymous work with TrendAI Day Zero…