CVE-2026-23600 – HPE AutoPass License Server – Remote Authentication Bypass

CVSS 10 CRITICAL

“A critical weakness in HPE’s AutoPass License Server allows attackers to completely bypass authentication and gain unrestricted access to licensing infrastructure.”

This update addresses CVE-2026-23600, a critical vulnerability in HPE AutoPass License Server (APLS) that allows remote authentication bypass. The flaw exists within the server’s authentication validation process, enabling attackers with network access to reach protected services without valid credentials. Because APLS manages enterprise licensing and administrative functions, unauthorized access could allow attackers to manipulate licensing operations, alter configuration settings, or disrupt licensing services across enterprise systems.

CVE-2026-23600 — CVSS v3.1 Score: 10.0 (Critical). The vulnerability affects HPE AutoPass License Server versions prior to 9.19. The flaw can be exploited remotely and requires no privileges or user interaction, allowing attackers to fully bypass authentication controls and access restricted administrative capabilities. The issue creates a direct exposure of licensing infrastructure that could lead to service disruption or broader system compromise if exploited. HPE resolved the vulnerability in AutoPass License Server version 9.19.
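To find hosts still running a release prior to 9.19, compare version components as integers: a string or float comparison ranks 9.2 and 9.9 above 9.19 and would mark them as patched. The triage below is an added example, not HPE's or this page's code; the hostnames and version strings are constructed, and it assumes APLS versions are reported as dotted numeric strings.

```python
import re

FIXED = (9, 19)  # first fixed release, per the advisory text


def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if unparseable."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(text):
    """True = prior to 9.19, False = 9.19 or later, None = version unknown."""
    v = parse_version(text)
    if v is None:
        return None
    # Pad both tuples so that "9.19" and "9.19.0" compare as equal.
    width = max(len(v), len(FIXED))
    v += (0,) * (width - len(v))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return v < fixed


def triage(inventory):
    """Split (host, version) rows into affected / patched / unknown hosts."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory:
        verdict = is_affected(version)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("apls-01.example.internal", "9.9"),
    ("apls-02.example.internal", "9.2"),
    ("apls-03.example.internal", "9.19"),
    ("apls-04.example.internal", "9.19.1"),
    ("apls-05.example.internal", "9.18.3"),
    ("apls-06.example.internal", ""),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(bucket, hosts)
```

Hosts in the `unknown` bucket have no parseable version and need a manual check before they are counted as patched.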

Key Details

CWE Classification
CWE-287