9.8
CVSS 3.1
Share
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Lifecycle Timeline
2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 08, 2026 - 10:15 nvd
CRITICAL 9.8
DescriptionNVD
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.
AnalysisAI
Aruba HiSpeed Cache WordPress plugin (before 3.0.3) has missing authorization allowing unauthenticated access to cache management functions with full CIA impact.
Technical ContextAI
The plugin lacks authorization checks (CWE-862) on cache management functions. Attackers can purge caches (causing performance degradation), manipulate cached content, or access cached sensitive data.
Affected ProductsAI
Aruba HiSpeed Cache before 3.0.3
RemediationAI
Update to version 3.0.3 or later.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).