{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23596", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2026-01-14T15:40:17.991Z", "datePublished": "2026-02-17T20:46:12.694Z", "dateUpdated": "2026-02-18T15:15:27.361Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "HPE Aruba Networking Private 5G Core", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "1.24.3.4", "status": "affected", "version": "1.24.3.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Communication Security Establishments (CSE)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. </p>"}], "value": "A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-02-17T20:46:12.694Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"}], "source": {"advisory": "HPESBNW05002", "discovery": "EXTERNAL"}, "title": "Unauthenticated Improper Access Control in management API allows unauthorized service disruption", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T14:39:55.206536Z", "id": "CVE-2026-23596", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T15:15:27.361Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T14:39:55.206536Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T14:41:14.495Z"}}], "cna": {"title": "Unauthenticated Improper Access Control in management API allows unauthorized service disruption", "source": {"advisory": "HPESBNW05002", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Communication Security Establishments (CSE)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "HPE Aruba Networking Private 5G Core", "versions": [{"status": "affected", "version": "1.24.3.0", "versionType": "semver", "lessThanOrEqual": "1.24.3.4"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. </p>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-02-17T20:46:12.694Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23596", "state": "PUBLISHED", "dateUpdated": "2026-02-18T15:15:27.361Z", "dateReserved": "2026-01-14T15:40:17.991Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2026-02-17T20:46:12.694Z", "assignerShortName": "hpe"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability."}, {"lang": "es", "value": "Una vulnerabilidad en la API de gesti\u00f3n del producto afectado podr\u00eda permitir a un atacante remoto no autenticado desencadenar reinicios del servicio. La explotaci\u00f3n exitosa podr\u00eda permitir a un atacante interrumpir los servicios y afectar negativamente la disponibilidad del sistema."}], "id": "CVE-2026-23596", "lastModified": "2026-02-18T17:51:53.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2026-02-17T21:22:15.913", "references": [{"source": "security-alert@hpe.com", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2026-02-18T10:33:16.054206+00:00", "updated": "2026-02-18T10:33:16.054275+00:00", "vendors": ["hpe", "hpe$PRODUCT$aruba_networking_private_5g_core"]}