CVE-2026-23818

High

Published: 07 April 2026

Published

07 April 2026

Modified

14 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0005 14.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23818 is a high-severity Open Redirect (CWE-601) vulnerability in Hpe Aruba Networking Private 5G Core. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the open redirect vulnerability by applying vendor patches as specified in the HPE advisory.

SI-10 Information Input Validation good match

prevent

Prevents exploitation of the crafted URL in the login flow by validating and sanitizing redirect parameters to block untrusted destinations.

SI-15 Information Output Filtering good match

prevent

Filters the output Location header in HTTP redirects to restrict navigation to only approved domains, stopping open redirects to attacker-controlled servers.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1566.002 Spearphishing Link Initial Access

Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

attack.mitre.org →

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

Open redirect in public GUI login flow directly enables exploitation of public-facing app (T1190) via malicious link (T1566.002) to perform AiTM credential capture with spoofed page.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation…

may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

Deeper analysisAI

CVE-2026-23818 is an open redirect vulnerability (CWE-601) affecting the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem. Published on 2026-04-07, the issue resides in the login flow and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). It allows an attacker to abuse a crafted URL to redirect users away from the legitimate application.

A remote attacker without privileges can exploit this by tricking a victim into accessing a malicious URL, which requires user interaction. Upon exploitation, the vulnerability redirects an authenticated user to an attacker-controlled server hosting a spoofed login page. The victim is prompted to enter credentials, which the attacker captures, before being redirected back to the legitimate login page, enabling potential credential theft.

HPE has published an advisory with mitigation guidance at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US.