Cyber Resilience

CVE-2026-23818

High

Published: 07 April 2026

Published
07 April 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0032 23.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-23818 is a high-severity Open Redirect (CWE-601) vulnerability in Hpe Aruba Networking Private 5G Core. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2026-23818 is an open redirect vulnerability (CWE-601) affecting the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem. Published on 2026-04-07, the issue resides in the login flow and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). It allows an attacker to abuse a crafted URL to redirect users away from the legitimate application.

A remote attacker without privileges can exploit this by tricking a victim into accessing a malicious URL, which requires user interaction. Upon exploitation, the vulnerability redirects an authenticated user to an attacker-controlled server hosting a spoofed login page. The victim is prompted to enter credentials, which the attacker captures, before being redirected back to the legitimate login page, enabling potential credential theft.

HPE has published an advisory with mitigation guidance at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation…

more

may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1566.002 Spearphishing Link Initial Access
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Open redirect in public GUI login flow directly enables exploitation of public-facing app (T1190) via malicious link (T1566.002) to perform AiTM credential capture with spoofed page.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23595Same product: Hpe Aruba Networking Private 5G Core
CVE-2025-37105Same vendor: Hpe
CVE-2025-37164Same vendor: Hpe
CVE-2026-7504Shared CWE-601
CVE-2026-29067Shared CWE-601
CVE-2025-23363Shared CWE-601
CVE-2026-6795Shared CWE-601
CVE-2026-28512Shared CWE-601
CVE-2019-25282Shared CWE-601
CVE-2025-55031Shared CWE-601

Affected Assets

hpe
aruba networking private 5g core
≤ 1.25.3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the open redirect vulnerability by applying vendor patches as specified in the HPE advisory.

prevent

Prevents exploitation of the crafted URL in the login flow by validating and sanitizing redirect parameters to block untrusted destinations.

prevent

Filters the output Location header in HTTP redirects to restrict navigation to only approved domains, stopping open redirects to attacker-controlled servers.

References