CVE-2026-23595

HIGH

Application API - Auth Bypass

Title source: llm

Description

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

References (1)

[Vendor Advisory] https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

Scores

CVSS v3 8.8

EPSS 0.0009

EPSS Percentile 26.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-284

Status published

Affected Products (1)

hpe/aruba_networking_private_5g_core < 1.24.3.3

Timeline

Published Feb 17, 2026

Tracked Since Feb 18, 2026