CVE-2026-23598

MEDIUM EPSS 24.4%

Published Feb 17, 20264mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Feb 17, 2026 4mo ago

Last Modified Jun 17, 2026 1w ago

Description

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

24.4% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-209

Affected Products 1

Vendor	Product	Version	Range
hpe	aruba_networking_private_5g_core	*	≥1.24.3.0 – ≤1.24.3.3

References 1

support.hpe.com https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

PatchVendor Advisory

Remediation

support.hpe.com https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

PatchVendor Advisory