Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Unauthenticated Remote Access to Restart Critical Services on Affected Product
CVE-2026-23596
Summary
An attacker can remotely restart critical services on the affected product without a password, causing disruptions to services and impacting system availability. This could be exploited if the product's management API is exposed to the internet. To protect your system, ensure the management API is not exposed to the internet or limit access to authorized users.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| hpe | aruba_networking_private_5g_core | > 1.24.3.0 , <= 1.24.3.3 | – |
Original title
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt ...
Original description
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
nvd CVSS3.1
6.5
Vulnerability type
CWE-400
Uncontrolled Resource Consumption
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocal... Patch Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026