CVE-2026-23595

Published: Feb 17, 2026Modified: Feb 28, 2026

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: security-alert@hpe.com (Secondary)

Description

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

Affected (1)

Products: Hpe: Aruba Networking Private 5g Core

1 product

Aruba Networking Private 5g Core

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hpe Aruba Networking Private 5g Core	From 1.24.3.0 to 1.24.3.3

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

Source: security-alert@hpe.com

PatchVendor Advisory

Timeline

No history available yet.