Description
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
Published: 2026-02-17
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

An attacker can trigger restarts of services in the HPE Aruba Networking Private 5G Core via the management API. Because the API lacks proper authentication, any user can send requests that cause the core to restart. This leads to temporary loss of connectivity and degraded availability for all dependent services, though it does not compromise confidentiality or integrity. The weakness is modeled as CWE‑400.

Affected Systems

Hewlett Packard Enterprise’s Aruba Networking Private 5G Core platform. No version range is specified in the advisory, meaning all released releases might be affected.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity, and the EPSS is under 1 %, suggesting low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. The attack can be launched remotely without authentication, leveraging the open management API endpoint, so exposed networks or inadequate firewalling increase the risk.

Generated by OpenCVE AI on April 17, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware or software update for HPE Aruba Networking Private 5G Core as referenced in HPE’s support documentation.
  • Restrict network access to the management API so that only trusted management servers can reach it, for example by using firewall rules or VLAN segregation.
  • Enable auditing or logging of API calls and monitor for any attempt to issue restart commands; block the source IP address or take corrective action if detected.

Generated by OpenCVE AI on April 17, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 28 Feb 2026 01:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*

Wed, 18 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-288

Wed, 18 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Wed, 18 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-288
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Hpe
Hpe aruba Networking Private 5g Core
Vendors & Products Hpe
Hpe aruba Networking Private 5g Core

Tue, 17 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
Title Unauthenticated Improper Access Control in management API allows unauthorized service disruption
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Hpe Aruba Networking Private 5g Core
cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-02-18T15:15:27.361Z

Reserved: 2026-01-14T15:40:17.991Z

Link: CVE-2026-23596

cve-icon Vulnrichment

Updated: 2026-02-18T14:41:14.495Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-17T21:22:15.913

Modified: 2026-02-28T01:30:22.830

Link: CVE-2026-23596

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T19:00:11Z

Weaknesses