{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23595", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2026-01-14T15:40:17.990Z", "datePublished": "2026-02-17T20:45:43.833Z", "dateUpdated": "2026-02-18T15:18:41.436Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "HPE Aruba Networking Private 5G Core", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "1.24.3.4", "status": "affected", "version": "1.24.3.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Communication Security Establishments (CSE)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. </p>"}], "value": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-02-17T20:45:43.833Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"}], "source": {"advisory": "HPESBNW05002", "discovery": "EXTERNAL"}, "title": "Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T14:36:43.151616Z", "id": "CVE-2026-23595", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T15:18:41.436Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23595", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T14:36:43.151616Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T14:38:56.019Z"}}], "cna": {"title": "Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation", "source": {"advisory": "HPESBNW05002", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Communication Security Establishments (CSE)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "HPE Aruba Networking Private 5G Core", "versions": [{"status": "affected", "version": "1.24.3.0", "versionType": "semver", "lessThanOrEqual": "1.24.3.4"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.", "supportingMedia": [{"type": "text/html", "value": "<p>An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. </p>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-02-17T20:45:43.833Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23595", "state": "PUBLISHED", "dateUpdated": "2026-02-18T15:18:41.436Z", "dateReserved": "2026-01-14T15:40:17.990Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2026-02-17T20:45:43.833Z", "assignerShortName": "hpe"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data."}, {"lang": "es", "value": "Una omisi\u00f3n de autenticaci\u00f3n en la API de la aplicaci\u00f3n permite la creaci\u00f3n de una cuenta administrativa no autorizada. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para crear cuentas de usuario privilegiadas. La explotaci\u00f3n exitosa podr\u00eda permitir a un atacante obtener acceso administrativo, modificar configuraciones del sistema y acceder o manipular datos sensibles."}], "id": "CVE-2026-23595", "lastModified": "2026-02-18T17:51:53.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2026-02-17T21:22:15.757", "references": [{"source": "security-alert@hpe.com", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2026-02-18T10:33:16.796291+00:00", "updated": "2026-02-18T10:33:16.796374+00:00", "vendors": ["hpe", "hpe$PRODUCT$aruba_networking_private_5g_core"]}