CVE-2026-23595
Received
Received - Intake
Authentication Bypass in Application API Allows Unauthorized Admin Creation
Publication date: 2026-02-17
Last updated on: 2026-02-28
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hpe | aruba_networking_private_5g_core | From 1.24.3.0 (inc) to 1.24.3.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
