CVE-2026-23595

HIGH

HPE Aruba Networking Private 5G Core 1.24.3.0-1.24.3.2 - Unauthenticated Authentication Bypass via API

Title source: llm

Description

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

Scores

CVSS v3 8.8

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

hpe/aruba_networking_private_5g_core 1.24.3.0 - 1.24.3.3

Published Feb 17, 2026

Tracked Since Feb 18, 2026