CVE-2026-23592

{"id": "CVE-2026-23592", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2026-01-27T18:15:56.383", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US", "source": "security-alert@hpe.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Insecure file operations in HPE Aruba Networking Fabric Composer\u00e2\u20ac\u2122s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system."}, {"lang": "es", "value": "Operaciones de archivo inseguras en la funcionalidad de copia de seguridad de HPE Aruba Networking Fabric Composer podr\u00edan permitir a atacantes autenticados lograr la ejecuci\u00f3n remota de c\u00f3digo. La explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security-alert@hpe.com"}