What the vulnerability does
01Description
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.
Explanation of Vulnerability in Simple Terms
02Summary
Aruba HiSpeed Cache versions 3.0.4 and earlier lack proper authorization checks, allowing unauthenticated attackers to read and modify sensitive data. The vulnerability requires only network access and no user interaction. An attacker can exploit this to access or alter cached content without permission.
What an attacker can do
03Attacker Capabilities
Read and modify cached data without authentication.
Potential impact on your site
04Site Impact
Cached sensitive data (user sessions, credentials, private content) can be viewed or altered by anyone on the network.
Conditions required to exploit
05Prerequisites
Network access to the affected Aruba HiSpeed Cache instance; no authentication required.
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated