Home / Vulnerability Intelligence / CVE-2026-23813

CVE-2026-23813 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 11, 2026

AOS-CX - Authentication Bypass

Published: March 11, 2026Updated: March 11, 2026Remote Exploitable

Overview

AOS-CX switches contain an authentication bypass caused by flaws in the web-based management interface, letting unauthenticated remote actors circumvent authentication and potentially reset the admin password, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 5.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated remote attackers can bypass authentication and reset the admin password, leading to full administrative control.

Mitigation

Update to the latest version of AOS-CX switches.

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 11, 2026

🔴 CVE-2026-23813 - Critical (9.8) A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23813/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-23813
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 5.0%
Social Posts: 1

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.0%Probability of exploitation in the next 30 days