CVE-2026-23818
Awaiting Analysis Awaiting Analysis - Queue
Open Redirect in HPE Aruba 5G Core GUI Enables Credential Theft

Publication date: 2026-04-07

Last updated on: 2026-04-14

Assigner: Hewlett Packard Enterprise (HPE)

Description
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23818
EUVD
EUVD-2026-19600
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hpe aruba_networking_private_5g_core to 1.25.3.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability could lead to credential theft through a spoofed login page, potentially resulting in unauthorized access to sensitive data.

Such unauthorized access and credential compromise may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.

Specifically, failure to protect user credentials and prevent phishing attacks could lead to violations of data protection and privacy requirements under these regulations.

Executive Summary

This vulnerability exists in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem. It is an open redirect vulnerability in the login flow that can be exploited using a specially crafted URL.

An attacker can use this flaw to redirect an authenticated user to a malicious server controlled by the attacker. This server hosts a fake login page designed to trick the user into entering their credentials.

Once the user submits their credentials on the spoofed page, the attacker can capture them before the user is redirected back to the legitimate login page, making the attack stealthy.

Impact Analysis

This vulnerability can lead to credential theft by tricking authenticated users into submitting their login information to an attacker-controlled site.

If exploited, attackers could gain unauthorized access to user accounts, potentially compromising sensitive data and system integrity.

The CVSS score of 8.8 indicates a high severity, meaning the impact on confidentiality, integrity, and availability can be significant.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23818. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart