CVE-2026-0869
Published: 03 March 2026
Summary
CVE-2026-0869 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Broadcom Brocade Active Support Connectivity Gateway. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 11.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations to prevent unauthorized low-privilege users from bypassing authentication and performing privileged ASCG operations on BSL and streaming configuration.
Uniquely identifies and authenticates organizational users, directly countering the authentication bypass vulnerability in Brocade ASCG 3.4.0.
Identifies, reports, and corrects the specific authentication bypass flaw in Brocade ASCG 3.4.0 through timely remediation and patching.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Auth bypass in network-accessible ASCG app directly enables remote exploitation of public-facing service (T1190) and unauthorized elevation to perform restricted config/disable operations (T1068).
NVD Description
Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.
Deeper analysis
CVE-2026-0869 is an authentication bypass vulnerability in Brocade ASCG version 3.4.0, published on 2026-03-03. The flaw, associated with CWE-305, enables an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
An attacker requires low privileges (PR:L) to exploit the vulnerability remotely over the network without user interaction. Successful exploitation allows the attacker to conduct unauthorized ASCG operations on BSL and streaming configuration, and potentially disable the ASCG application entirely or prevent BSL data collection on Brocade switches within the fabric.
Mitigation details are available in the vendor security advisory at https://support.broadcom.com/external/content/SecurityAdvisories/0/37121.
Details
- CWE(s)