HIGHCVE-2026-23595Published Modified CNA hpe
CVE-2026-23595: Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
Metrics
- CVSS v3.1
- 8.8
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Private 5G Core≤ 1.24.3.4
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences