Aruba Networking Private 5g Core
CVE-2026-23596
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
AnalysisAI
Unauthenticated attackers can trigger service restarts through the management API in Aruba Networking Private 5G Core, causing denial of service and disrupting system availability. This network-adjacent vulnerability requires no authentication or user interaction and has a publicly available patch to remediate the issue.
Technical ContextAI
Classified as CWE-400 (Uncontrolled Resource Consumption). Affects Aruba Networking Private 5G Core. A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
RemediationAI
A vendor patch is available — apply it immediately.
Unauthenticated attackers can bypass API authentication in Aruba Networking Private 5G Core to create unauthorized admin
HPE Aruba Networking 5G Core API error handling exposes sensitive information including user accounts, roles, and system
HPE Aruba Networking 5G Core API error handling leaks sensitive information including user accounts, roles, and system c
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today