CVE-2026-23595

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-23595
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*
History

28 Feb 2026, 01:31

Type Values Removed Values Added
First Time Hpe aruba Networking Private 5g Core
Hpe
CPE cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*
References () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US - () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US - Patch, Vendor Advisory

18 Feb 2026, 16:22

Type Values Removed Values Added
CWE CWE-288 CWE-284

18 Feb 2026, 15:18

Type Values Removed Values Added
Summary
  • (es) Una omisión de autenticación en la API de la aplicación permite la creación de una cuenta administrativa no autorizada. Un atacante remoto podría explotar esta vulnerabilidad para crear cuentas de usuario privilegiadas. La explotación exitosa podría permitir a un atacante obtener acceso administrativo, modificar configuraciones del sistema y acceder o manipular datos sensibles.
CWE CWE-288

17 Feb 2026, 21:22

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-17 21:22

Updated : 2026-02-28 01:31

NVD link : CVE-2026-23595

Mitre link : CVE-2026-23595

CVE.ORG link : CVE-2026-23595

JSON object : View

Products Affected

hpe

  • aruba_networking_private_5g_core
CWE
CWE-284

Improper Access Control