Aruba Networking Private 5g Core
CVE-2026-23595
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
AnalysisAI
Unauthenticated attackers can bypass API authentication in Aruba Networking Private 5G Core to create unauthorized administrative accounts, enabling full system compromise. Successful exploitation grants attackers administrative privileges to modify configurations and access sensitive data within affected deployments.
Technical ContextAI
Classified as CWE-284 (Improper Access Control). Affects Aruba Networking Private 5G Core. An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
RemediationAI
A vendor patch is available — apply it immediately.
Unauthenticated attackers can trigger service restarts through the management API in Aruba Networking Private 5G Core, c
HPE Aruba Networking 5G Core API error handling exposes sensitive information including user accounts, roles, and system
HPE Aruba Networking 5G Core API error handling leaks sensitive information including user accounts, roles, and system c
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today