Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Unauthorized Administrative Accounts Can Be Created in Application API
CVE-2026-23595
Summary
A weakness in the application's API allows an attacker to create administrative accounts without permission. This could lead to sensitive data being accessed or modified, and system configurations being changed. Users should update the application to the latest version to prevent unauthorized access.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| hpe | aruba_networking_private_5g_core | > 1.24.3.0 , <= 1.24.3.3 | – |
Original title
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. S...
Original description
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
nvd CVSS3.1
8.8
Vulnerability type
CWE-284
Improper Access Control
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocal... Patch Vendor Advisory
Published: 17 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026