Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
HPE Aruba 5G Core Server API Leaks Sensitive Data to Unauthenticated Users
CVE-2026-23598
Summary
An attacker can access sensitive user information and system settings without needing a login. This could lead to unauthorized access and misuse of the system. Update your HPE Aruba 5G Core server API to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| hpe | aruba_networking_private_5g_core | > 1.24.3.0 , <= 1.24.3.3 | – |
Original title
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation coul...
Original description
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.
nvd CVSS3.1
6.5
Vulnerability type
CWE-209
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocal... Patch Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026