CVE-2026-23593
Published: 27 January 2026
Summary
CVE-2026-23593 is a high-severity Path Traversal (CWE-22) vulnerability in HPE (vendor inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 16.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-23593 is a path traversal vulnerability (CWE-22) in the web-based management interface of HPE Aruba Networking Fabric Composer. It enables an unauthenticated remote attacker to view some system files by reading files within the affected directory. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-01-27T18:15:56.517.
An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required. Successful exploitation allows the attacker to read files within the affected directory. The published vector scores this as a high availability impact (A:H) with no confidentiality impact (C:N), which does not match the file-read effect described, so treat the vendor advisory as the authoritative source for impact.
The HPE security advisory provides details on mitigation and patches at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US. Security practitioners should consult this reference for specific remediation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4780
Vulnerability details
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Path traversal in an unauthenticated web management interface directly enables remote exploitation of a public-facing application for file access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
- SI-10 (Information Input Validation): Directly prevents path traversal vulnerabilities like CVE-2026-23593 by implementing input validation mechanisms in the web-based management interface to block malicious directory traversal sequences.
- AC-14 (Permitted Actions Without Identification or Authentication): Limits and controls actions performable without identification or authentication, preventing unauthenticated remote attackers from accessing system files via the vulnerable interface.
- Requires identification, reporting, and timely patching of flaws such as this path traversal vulnerability, as detailed in the HPE security advisory.