Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.
PUBLISHED5.2
Unauthenticated Information Disclosure in application API allows sensitive system information exposure
Affected products
Hewlett Packard Enterprise (HPE)
HPE Aruba Networking Private 5G Core
<= 1.24.3.4 - AFFECTED
References
GitHub Security Advisories
GHSA-5fc6-h8m7-2wfc
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could...
https://github.com/advisories/GHSA-5fc6-h8m7-2wfcVulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-23597Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-23597",
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"dateUpdated": "2026-02-17T20:46:45.035Z",
"dateReserved": "2026-01-14T15:40:17.991Z",
"datePublished": "2026-02-17T20:46:45.035Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe",
"dateUpdated": "2026-02-17T20:46:45.035Z"
},
"title": "Unauthenticated Information Disclosure in application API allows sensitive system information exposure",
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. </p>"
}
]
}
],
"affected": [
{
"vendor": "Hewlett Packard Enterprise (HPE)",
"product": "HPE Aruba Networking Private 5G Core",
"defaultStatus": "affected",
"versions": [
{
"version": "1.24.3.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "1.24.3.4"
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"value": "Communication Security Establishments (CSE)",
"type": "reporter"
}
]
}
}
}