HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks

Recently, Hewlett Packard Enterprise (HPE) revealed serious defects in its Aruba Networking Private 5G Core software. These vulnerabilities enable denial-of-service (DoS) attacks and privilege escalation by distant attackers on nearby networks. On February 10, 2026, the HPESBNW05002 advisory was released.

Overview of Vulnerabilities Versions 1.24.3.0 through 1.24.3 of HPE Aruba Networking Private 5G Core are vulnerable to four flaws.3. Unauthenticated exploits are made possible by defects in the application and management APIs. Upgrading is necessary because there is no workaround. With a CVSS score of 8.8 (High), CVE-2026-23595 is the most serious.

It permits attackers to create admin accounts for complete control, including the ability to modify configuration and manipulate data, by circumventing authentication in the application API. Adjacent network access is necessary for attackers (AV:A).

DoS is enabled through the management API in CVE-2026-23596 (CVSS 6.5, Medium). 5G core availability may be disrupted by unauthenticated users forcing service restarts. Due to API errors, CVE-2026-23597 and CVE-2026-23598 (both CVSS 6.5, Medium) expose private information such as user accounts, roles, and configurations.

When chained with others, this facilitates additional attacks. CVSS v3.1 Score Impact Type CVE ID CVE-2026-23595 vector 8.8 Escalation of Privilege AV:A/AC:L/PR:N/UI:N/S:CVE-2026-23596 6.5 U/C:H/I:H/A:H DoS (Restart Service) AV:A/AC:L/PR:N/UI:N/S:CVE-2026-23597 6.5 U/C:N/I:N/A:H Disclosure of Information AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-23598 6.5 Disclosure of Information AV:A/AC:L/PR:N/UI:These defects were discovered by Canada's Communications Security Establishment (CSE). Safe versions are 1.24.2.2 and 1.25.1.0+. Network-adjacent threats pose a significant risk to private 5G setups in businesses.

Use the HPE portal to update to 1.25.1.0 or later. Segment networks to prevent access from nearby networks. Keep an eye out for irregularities in API traffic.

HPE calls for swift action to safeguard the integrity of the 5G infrastructure.

Use the HPE portal to update to 1.25.1.0 or later. Segment networks to prevent access from nearby networks. Keep an eye out for irregularities in API traffic.

HPE calls for swift action to safeguard the integrity of the 5G infrastructure.

HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks

Trending News

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Top 10 Best VPN For Chrome in 2026

Top 10 Best VPN For Chrome in 2026

Top 10 Best User Access Management Tools in 2026

Top 10 Best User Access Management Tools in 2026

HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks

Trending News

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Top 10 Best VPN For Chrome in 2026

Top 10 Best VPN For Chrome in 2026

Top 10 Best User Access Management Tools in 2026

Top 10 Best User Access Management Tools in 2026