A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
PUBLISHED5.2
Unauthenticated Improper Access Control in management API allows unauthorized service disruption
Affected products
Hewlett Packard Enterprise (HPE)
HPE Aruba Networking Private 5G Core
<= 1.24.3.4 - AFFECTED
References
GitHub Security Advisories
GHSA-8rh3-rvv2-3mr4
A vulnerability in the management API of the affected product could allow an unauthenticated...
https://github.com/advisories/GHSA-8rh3-rvv2-3mr4A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-23596Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-23596",
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"dateUpdated": "2026-02-17T20:46:12.694Z",
"dateReserved": "2026-01-14T15:40:17.991Z",
"datePublished": "2026-02-17T20:46:12.694Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe",
"dateUpdated": "2026-02-17T20:46:12.694Z"
},
"title": "Unauthenticated Improper Access Control in management API allows unauthorized service disruption",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. </p>"
}
]
}
],
"affected": [
{
"vendor": "Hewlett Packard Enterprise (HPE)",
"product": "HPE Aruba Networking Private 5G Core",
"defaultStatus": "affected",
"versions": [
{
"version": "1.24.3.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "1.24.3.4"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"value": "Communication Security Establishments (CSE)",
"type": "reporter"
}
]
}
}
}