CVE-2026-23597

Medium CVSS: 6.5

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.

Vendor

Hpe

Product

Aruba Networking Private 5g Core

CWE

CWE-200

Yayın Tarihi

2026-02-17 21:22:16

Güncelleme

2026-03-02 13:29:10

Source Identifier

security-alert@hpe.com

KEV Date Added

Kategoriler

CWE-200 Aruba Networking Private 5g Core MEDIUM Hpe 2026

Referanslar

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

Benzer Kayıtlar

Medium

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated…

High

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote at…

Medium

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger…

Critical

CVE-2025-37164

A remote code execution issue exists in HPE OneView.

Medium

CVE-2025-37160

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote at…

High

CVE-2025-37155

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control…