Description
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.
Published: 2026-01-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated remote file read resulting in data exposure
Action: Patch
AI Analysis

Impact

An unauthenticated attacker can exploit the web‑based management interface of HPE Aruba Networking Fabric Composer to read files that reside within the affected directory. The flaw does not grant code execution but can expose configuration, credential or other sensitive files, thereby compromising confidentiality and potentially enabling further attacks.

Affected Systems

HPE Aruba Networking Fabric Composer is impacted. No specific version range is supplied, so all released versions of the product should be considered vulnerable until a vendor notification clarifies the scope.

Risk and Exploitability

The CVSS score of 7.5 places the vulnerability in the High severity band, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to reach the web interface without authentication, an attack vector common to many web management ports.

Generated by OpenCVE AI on April 18, 2026 at 02:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HPE Aruba firmware or software patch that addresses the limited file read flaw.
  • Restrict management‑interface access to a trusted network segment or enforce firewall rules that block external traffic.
  • Enable logging and monitor for unauthenticated requests to the Fabric Composer web interface to detect potential probing attempts.


Advisories

No advisories yet.

History

Fri, 27 Feb 2026 15:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-22

Wed, 28 Jan 2026 12:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Arubanetworks; Arubanetworks fabric Composer

Type: Vendors & Products
Values Removed: (none)
Values Added: Arubanetworks; Arubanetworks fabric Composer

Tue, 27 Jan 2026 19:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 18:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.

Type: Title
Values Removed: (none)
Values Added: Unauthenticated Limited File Read allows Data Exposure in Web Interface

Type: References

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-02-27T14:32:15.830Z

Reserved: 2026-01-14T15:40:17.990Z

Link: CVE-2026-23593

Vulnrichment

Updated: 2026-01-27T18:41:14.101Z

NVD

Status: Deferred

Published: 2026-01-27T18:15:56.517

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23593

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T02:15:05Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')