Cyber Resilience

CVE-2026-23595

High

Published: 17 February 2026

Modified: 28 February 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0030 (21.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-23595 is a high-severity Improper Access Control (CWE-284) vulnerability in HPE Aruba Networking Private 5G Core. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Create Account (T1136). By exploit likelihood (EPSS) it ranks at the 21.4th percentile, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-23595, published on 2026-02-17, is an authentication bypass vulnerability (CWE-284: Improper Access Control) in the application API. It has a CVSS 3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The flaw affects an HPE product, as detailed in the vendor's security bulletin.

A remote attacker with adjacent network access can exploit this vulnerability without privileges or user interaction. Exploitation allows creation of unauthorized administrative accounts, leading to full administrative access. This enables modification of system configurations and access or manipulation of sensitive data.

The HPE security advisory at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US provides details on mitigation and patching.

Vulnerability details

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1136 Create Account (Persistence)
Adversaries may create an account to maintain access to victim systems.

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The authentication bypass in the API directly enables unauthorized admin account creation (T1136) via exploitation of a remote service (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23818 · Same product: HPE Aruba Networking Private 5G Core
CVE-2025-37157 · Same vendor: HPE
CVE-2025-37158 · Same vendor: HPE
CVE-2024-23920 · Shared CWE-284
CVE-2025-1260 · Shared CWE-284
CVE-2025-37105 · Same vendor: HPE
CVE-2026-0386 · Shared CWE-284
CVE-2025-37164 · Same vendor: HPE
CVE-2026-21667 · Shared CWE-284
CVE-2026-21262 · Shared CWE-284

Affected Assets

Vendor: HPE
Product: Aruba Networking Private 5G Core
Versions: 1.24.3.0 to 1.24.3.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces approved authorizations for logical access, directly preventing authentication bypass that allows unauthorized API access to create administrative accounts.

Prevent: Requires unique identification and authentication of organizational users before access, mitigating the authentication bypass vulnerability in the application API.

Prevent: Manages system accounts including creation, approval, and monitoring to prevent unauthorized privileged account establishment via the exploited API.
