CVE-2026-23598 MEDIUM

CVE-2026-23598: Unauthenticated Information Disclosure in application API allows sensitive system information exposure

Vendor Hewlett Packard Enterprise (Hpe)
Product HPE Aruba Networking Private 5G Core
Published February 17, 2026
Last update February 27, 2026

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.

Key dates

02Disclosure timeline

February 17, 2026 CVE published
February 27, 2026 Record updated