CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*

History

28 Feb 2026, 01:28

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hpe:aruba_networking_private_5g_core::::::::
First Time		Hpe aruba Networking Private 5g Core Hpe
References	~~() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US -~~	() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US - Patch, Vendor Advisory

18 Feb 2026, 15:18

Type	Values Removed	Values Added
CWE		CWE-200
Summary		(es) Vulnerabilidades en el manejo de errores de una API de servidor HPE Aruba Networking 5G Core podrían permitir a un atacante en remoto no autenticado obtener información sensible. si se explota éxito podría permitir a un atacante acceder a detalles como cuentas de usuario, roles y configuración del sistema, así como obtener información sobre servicios internos y flujos de trabajo, aumentando el riesgo de acceso no autorizado e incremento de privilegios cuando se combina con otras vulnerabilidades.

17 Feb 2026, 21:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-17 21:22

Updated : 2026-03-02 13:29

NVD link : CVE-2026-23597

Mitre link : CVE-2026-23597

CVE.ORG link : CVE-2026-23597

JSON object : View

Products Affected

hpe

aruba_networking_private_5g_core

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2026-23597", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-02-17T21:22:16.053", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US", "tags": ["Patch", "Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities."}, {"lang": "es", "value": "Vulnerabilidades en el manejo de errores de una API de servidor HPE Aruba Networking 5G Core podr\u00edan permitir a un atacante en remoto no autenticado obtener informaci\u00f3n sensible. si se explota \u00e9xito podr\u00eda permitir a un atacante acceder a detalles como cuentas de usuario, roles y configuraci\u00f3n del sistema, as\u00ed como obtener informaci\u00f3n sobre servicios internos y flujos de trabajo, aumentando el riesgo de acceso no autorizado e incremento de privilegios cuando se combina con otras vulnerabilidades."}], "lastModified": "2026-03-02T13:29:10.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDECC3E6-DBAF-4074-BC96-4FC679303158", "versionEndIncluding": "1.24.3.3", "versionStartIncluding": "1.24.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}