CVE-2026-23818 | THREATINT

Description

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

PUBLISHED Reserved 2026-01-16 | Published 2026-04-07 | Updated 2026-04-07 | Assigner hpe

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Product status

Default status

affected

1.0.0.0 (semver)

affected

Credits

HPE Aruba Networking Private5G Core Engineering remediation developer

References

support.hpe.com/...y?docId=hpesbnw05032en_us&docLocale=en_US

cve.org (CVE-2026-23818)

nvd.nist.gov (CVE-2026-23818)

Download JSON