CVE 8.8 HIGH

Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation_CVE-2026-23595

February 17, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

AI Analysis

Unauthenticated authentication bypass vulnerability in HPE Aruba Networking Private 5G Core API allowing creation of privileged user accounts

Basic Information

ID CVE-2026-23595

Source hpe

Published Feb 17, 2026 at 20:45

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking Private 5G Core

Version 1.24.3.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking Private 5G Core 1.24.3.0

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking Private 5G Core

Version 1.24.3.0

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.",
    "published": "2026-02-17T20:45:43.833Z",
    "modified": "2026-02-17T20:45:43.833Z",
    "type": "cve",
    "title": "Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US",
    "id": "CVE-2026-23595",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking Private 5G Core 1.24.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking Private 5G Core",
    "version": "1.24.3.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "Unauthenticated authentication bypass vulnerability in HPE Aruba Networking Private 5G Core API allowing creation of privileged user accounts",
    "ai_severity": "High",
    "ai_vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_product": "HPE Aruba Networking Private 5G Core",
    "ai_version": "1.24.3.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply