CVE-2026-23598

{"id": "CVE-2026-23598", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-02-17T21:22:16.193", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US", "tags": ["Patch", "Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities."}, {"lang": "es", "value": "Vulnerabilidades en el manejo de errores de una API del servidor HPE Aruba Networking 5G Core podr\u00edan permitir a un atacante en remoto no autenticado obtener informaci\u00f3n sensible. Si se explota con \u00e9xito podr\u00eda permitir a un atacante acceder a detalles como cuentas de usuario, roles y configuraci\u00f3n del sistema, as\u00ed como obtener informaci\u00f3n sobre servicios internos y flujos de trabajo, aumentando el riesgo de acceso no autorizado e incremento de privilegios cuando se combina con otras vulnerabilidades."}], "lastModified": "2026-02-28T01:30:07.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDECC3E6-DBAF-4074-BC96-4FC679303158", "versionEndIncluding": "1.24.3.3", "versionStartIncluding": "1.24.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}