CVE-2026-23596
Received
Received - Intake
Unauthenticated API Access Allows Remote Service Restart Disruption
Vulnerability report for CVE-2026-23596, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-17
Last updated on: 2026-02-28
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hpe | aruba_networking_private_5g_core | From 1.24.3.0 (inc) to 1.24.3.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |