HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8 out of 10 on the CVSSv3.1 scale. According to a security advisory HPE published on Tuesday, the vulnerability sits in the web-based management interface of AOS-CX switches. It requires no authentication, no privileges, and no user interaction to exploit, and can be triggered entirely over the network. “A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially...