CVE-2026-23595

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-23595

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

References
Link Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*
History

28 Feb 2026, 01:31

Type Values Removed Values Added
References () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US - () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US - Patch, Vendor Advisory
CPE cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*
First Time Hpe
Hpe aruba Networking Private 5g Core

18 Feb 2026, 16:22

Type Values Removed Values Added
CWE CWE-288 CWE-284

18 Feb 2026, 15:18

Type Values Removed Values Added
CWE CWE-288
Summary
  • (es) Una omisión de autenticación en la API de la aplicación permite la creación de una cuenta administrativa no autorizada. Un atacante remoto podría explotar esta vulnerabilidad para crear cuentas de usuario privilegiadas. La explotación exitosa podría permitir a un atacante obtener acceso administrativo, modificar configuraciones del sistema y acceder o manipular datos sensibles.

17 Feb 2026, 21:22

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-17 21:22

Updated : 2026-02-28 01:31

NVD link : CVE-2026-23595

Mitre link : CVE-2026-23595

CVE.ORG link : CVE-2026-23595

JSON object : View

Products Affected

hpe

CWE
CWE-284

Improper Access Control