vulnerability

Aruba AOS-CX: CVE-2026-23817: Unauthenticated Open Redirect allows URL Manipulation in Web Interface

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Published

Mar 10, 2026

Added

Mar 16, 2026

Modified

Apr 2, 2026

Description

A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.

Solution

aruba-aos-cx-cve-2026-23817

References

CVE-2026-23817
https://attackerkb.com/topics/CVE-2026-23817
https://csaf.arubanetworking.hpe.com/2026/hpe_aruba_networking_-_hpesbnw05027.json
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-11076
CWE-601
EUVD-EUVD-2026-11076

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report