HPE Patches Critical Authentication Bypass Flaw in AutoPass License Server Hewlett Packard Enterprise (HPE) has addressed a severe remote authentication-bypass vulnerability in its AutoPass License Server (APLS), tracked as CVE-2026-23600, which could allow unauthenticated attackers to bypass login controls over the network. The flaw, disclosed in HPE Security Bulletin HPESBGN05003 rev.1 (published February 27, 2026, with a final update on February 28, 2026), affects APLS versions prior to 9.19. HPE rates the vulnerability as 7.3 (High) on the CVSS v3.1 scale, citing network-based exploitation with low attack complexity, no required privileges, and no user interaction. Successful exploitation could grant attackers access to protected functionality without valid credentials. The issue was responsibly reported by an anonymous researcher through the Trend Micro Zero Day Initiative. HPE’s remediation requires upgrading to APLS 9.19 or later, with no known workarounds beyond patching. Additional defensive measures include restricting network access to license servers, isolating them behind VPNs or dedicated management networks, and monitoring for anomalous authentication attempts. Organizations running affected versions are advised to apply the update promptly, as the flaw exposes high-value infrastructure to potential unauthorized access.

HPE Discloses Critical Flaws in Aruba Networking Private 5G Core Software Hewlett Packard Enterprise (HPE) has revealed four critical vulnerabilities in its Aruba Networking Private 5G Core software, which could allow remote attackers on adjacent networks to escalate privileges, launch denial-of-service (DoS) attacks, and expose sensitive data. The advisory (HPESBNW05002) was published on February 10, 2026, affecting versions 1.24.3.0 through 1.24.3.3. The flaws, discovered by Canada’s Communications Security Establishment (CSE), stem from weaknesses in the application and management APIs, enabling unauthenticated exploitation. No workarounds are available, making upgrades mandatory. ### Key Vulnerabilities: - CVE-2026-23595 (CVSS 8.8, High) – Authentication bypass in the application API, allowing attackers to create admin accounts for full system control, including configuration changes and data manipulation. - CVE-2026-23596 (CVSS 6.5, Medium) – DoS via the management API, forcing service restarts and disrupting 5G core availability. - CVE-2026-23597 & CVE-2026-23598 (CVSS 6.5, Medium) – Information disclosure through API errors, leaking user accounts, roles, and configurations to facilitate further attacks. All vulnerabilities require adjacent network access (AV:A), posing a significant risk to enterprise private 5G deployments. HPE has released patches in version 1.25.1.0 or later, with unaffected versions being 1.24.2.2 and below. Organizations are advised to upgrade immediately and implement network segmentation to mitigate risks.

HPE Patches High-Severity Privilege Escalation Flaw in Alletra and Nimble Storage Arrays Hewlett Packard Enterprise (HPE) has addressed a high-severity vulnerability (CVE-2026-23594) in its Alletra and Nimble Storage arrays, which could allow remote attackers with low-level access to gain full administrative control. The flaw, detailed in Security Bulletin HPESBST04995 rev.1, was published on January 20, 2026, with an update released the following day. The vulnerability affects specific configurations of HPE Alletra 6000, Alletra 5000, and Nimble Storage arrays, enabling privilege escalation with a CVSS v3.1 score of 8.8 (High). Exploitation requires only low-privilege network access, with no user interaction needed, and poses severe risks to confidentiality, integrity, and availability. Impacted versions include: - HPE Alletra 6000/5000: OS versions prior to 6.1.2.800 and 6.1.3 versions before 6.1.3.300 - HPE Nimble Storage (Hybrid Flash & All Flash Arrays): Same vulnerable versions as above HPE has released patches (6.1.2.800 and 6.1.3.300) to mitigate the issue. The company advises administrators to upgrade affected systems immediately and review access controls to limit exposure. Support is available through HPE’s Product Security Response Team for further assistance.

Critical HPE OneView Vulnerability Exploited in Large-Scale Botnet Campaign A coordinated exploitation campaign by the Linux-based RondoDox botnet is actively targeting CVE-2025-37164, a critical remote code execution (RCE) vulnerability in HPE OneView, a widely used IT infrastructure management platform. The flaw, disclosed on 16 December 2025 with a CVSS score of 10, allows unauthenticated attackers to execute arbitrary commands via the ExecuteCommand REST API endpoint due to missing authentication and authorization checks. Security firm Check Point Research detected the campaign, reporting a sharp escalation from early probing attempts to large-scale automated attacks in January 2026. Between 05:45 and 09:20 UTC on 7 January, over 40,000 exploitation attempts were recorded, with the activity attributed to the RondoDox botnet, which has previously targeted high-profile vulnerabilities like CVE-2025-55182 (React2Shell). The vulnerability affects HPE OneView’s id-pools functionality, enabling attackers to execute commands directly on the underlying OS without authentication. Check Point reported the campaign to CISA, leading to the flaw’s inclusion in the Known Exploited Vulnerabilities (KEV) catalog on the same day. Organizations using HPE OneView are at high risk, as the botnet’s focus on unpatched edge and perimeter infrastructure increases the potential for widespread compromise. The incident underscores the urgency of applying patches and implementing compensating controls to mitigate exposure.

A critical vulnerability in HPE Aruba Networking Instant On Access Points allows attackers to bypass device authentication mechanisms completely. The flaw, tracked as CVE-2025-37103, involves hardcoded login credentials embedded within the devices’ software. This presents a severe security risk with a maximum CVSS score of 9.8. The vulnerability affects firmware 3.2.0.1 and below, potentially exposing countless enterprise networks to unauthorized administrative access. The issue was discovered through HPE Aruba Networking’s Bug Bounty program and requires an immediate firmware update to mitigate the risk.

HPE's Insight Remote Support tool has a critical vulnerability tracked as CVE-2024-53676, potentially allowing unauthenticated attackers to execute code on affected systems. The flaw allows for directory traversal attacks to overwrite system files, leading to SYSTEM-level privileges being compromised. There are currently no patches available. This vulnerability exposes organizations to significant risks, as attackers can deploy malicious payloads without authentication. The current suggested mitigations include isolating management interfaces, monitoring file operations, and analyzing SOAP traffic for suspicious activities. As exploit techniques are being refined, timely and stringent defensive measures are essential to prevent possible active exploitations that could severely impact operations and sensitive data.

In 2024, Hewlett Packard Enterprise (HPE) disclosed a significant data breach orchestrated by the state-linked hacking group Midnight Blizzard (APT29). The attackers compromised a Microsoft 365 email account as early as May 2023, remaining undetected for seven months until December 2023. While only a small percentage of mailboxes—primarily in cybersecurity and business operations—were accessed, the exposed emails contained highly sensitive personal identifiers, including Social Security numbers, driver’s licenses, and payment card details.The breach underscored the vulnerabilities of unencrypted email systems, as the attackers exfiltrated months of communications containing financial reports, identity documents, and internal strategies. Had end-to-end encryption been in place, the stolen data would have been rendered unusable (ciphertext) without the account owners’ private keys. The incident highlighted how dwell time in email breaches can lead to massive data exposure, as archives often span years of historical communications. HPE’s case serves as a warning that even global enterprises with robust security measures are not immune to sophisticated, prolonged cyber intrusions targeting email environments.

In October 2016, Hewlett-Packard Enterprise (HPE) experienced a significant data breach involving a compromised laptop belonging to an employee working on a U.S. Navy contract. The breach exposed sensitive information from the Career Waypoints (C-WAY) database, a system used by sailors to manage reenlistment requests and Navy Occupational Specialty details. The leaked data included personal information of 134,386 current and former U.S. Navy sailors, such as names and Social Security numbers (SSNs). The incident stemmed from unauthorized access to the employee’s laptop, which contained unencrypted C-WAY records. While the exact method of compromise was not disclosed, the exposure of such highly sensitive military personnel data posed severe risks, including identity theft, targeted phishing, and potential national security concerns. The U.S. Navy, alongside HPE, launched an investigation, but the breach underscored critical vulnerabilities in third-party contractor security protocols and the handling of classified or personally identifiable information (PII). The fallout included reputational damage to HPE, heightened scrutiny over defense contractor cybersecurity practices, and mandatory credit monitoring for affected sailors. The breach also prompted reviews of data encryption standards and access controls for systems managing military personnel records.