Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
HPE Aruba 5G Core Server API Leaks Sensitive Information
CVE-2026-23597
Summary
An attacker can access user accounts, roles, and system settings on an HPE Aruba 5G Core server without permission. This could lead to unauthorized access and potential privilege escalation if combined with other vulnerabilities. It's recommended to update the server to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| hpe | aruba_networking_private_5g_core | > 1.24.3.0 , <= 1.24.3.3 | – |
Original title
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation coul...
Original description
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.
nvd CVSS3.1
6.5
Vulnerability type
CWE-200
Information Exposure
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocal... Patch Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026