CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-17 21:22

Updated : 2026-02-28 01:31

NVD link : CVE-2026-23595

Mitre link : CVE-2026-23595

CVE.ORG link : CVE-2026-23595

JSON object : View

Products Affected

hpe

aruba_networking_private_5g_core

CWE

CWE-284

Improper Access Control

8.8 /10