AOS-CX Switches Allow Remote URL Redirects Without Authentication

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

AOS-CX Switches Allow Remote URL Redirects Without Authentication

CVE-2026-23817

Summary

An attacker can trick users into visiting any website without needing a login. This can lead to data theft or malware installation. Manufacturers should update the switch software to fix this issue.

Original title

A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.

Original description

A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.

nvd CVSS3.1 6.5

Vulnerability type

CWE-601 Open Redirect

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocal...

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026