CVE-2026-0869 HIGH

CVE-2026-0869: Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0

Vendor Brocade
Product ASCG
Weakness CWE-305
Published March 3, 2026
Last update March 4, 2026

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L

What the vulnerability does

01Description

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.

Key dates

02Disclosure timeline

March 3, 2026 CVE published
March 4, 2026 Record updated