An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
PUBLISHED5.2
Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation
Affected products
Hewlett Packard Enterprise (HPE)
HPE Aruba Networking Private 5G Core
<= 1.24.3.4 - AFFECTED
References
GitHub Security Advisories
GHSA-74jq-6q38-p5wf
An authentication bypass in the application API allows an unauthorized administrative account to...
https://github.com/advisories/GHSA-74jq-6q38-p5wfAn authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-23595Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-23595",
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"dateUpdated": "2026-02-17T20:45:43.833Z",
"dateReserved": "2026-01-14T15:40:17.990Z",
"datePublished": "2026-02-17T20:45:43.833Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe",
"dateUpdated": "2026-02-17T20:45:43.833Z"
},
"title": "Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. </p>"
}
]
}
],
"affected": [
{
"vendor": "Hewlett Packard Enterprise (HPE)",
"product": "HPE Aruba Networking Private 5G Core",
"defaultStatus": "affected",
"versions": [
{
"version": "1.24.3.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "1.24.3.4"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Communication Security Establishments (CSE)",
"type": "reporter"
}
]
}
}
}