Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

aruba_networking_private_5g_core

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2026-23818
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 12:18
Updated-14 Apr, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-aruba_networking_private_5g_corePrivate 5G Core
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-23598
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 20:47
Updated-28 Feb, 2026 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Information Disclosure in application API allows sensitive system information exposure

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-aruba_networking_private_5g_coreHPE Aruba Networking Private 5G Core
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2026-23597
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 20:46
Updated-02 Mar, 2026 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Information Disclosure in application API allows sensitive system information exposure

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-aruba_networking_private_5g_coreHPE Aruba Networking Private 5G Core
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-23596
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.18%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 20:46
Updated-28 Feb, 2026 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Improper Access Control in management API allows unauthorized service disruption

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-aruba_networking_private_5g_coreHPE Aruba Networking Private 5G Core
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-23595
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 20:45
Updated-28 Feb, 2026 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-aruba_networking_private_5g_coreHPE Aruba Networking Private 5G Core
CWE ID-CWE-284
Improper Access Control