CVE-2026-23595

High CVSS: 8.8

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

Vendor

Hpe

Product

Aruba Networking Private 5g Core

CWE

CWE-284

Yayın Tarihi

2026-02-17 21:22:15

Güncelleme

2026-02-28 01:31:52

Source Identifier

security-alert@hpe.com

KEV Date Added

Kategoriler

CWE-284 Aruba Networking Private 5g Core HIGH Hpe 2026

Referanslar

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

Benzer Kayıtlar

Medium

CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated…

Medium

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated…

Medium

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger…

Critical

CVE-2025-37164

A remote code execution issue exists in HPE OneView.

Medium

CVE-2025-37160

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote at…

High

CVE-2025-37155

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control…