High severity8.8NVD Advisory· Published Apr 7, 2026· Updated Apr 14, 2026

CVE-2026-23818

Description

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

Affected products

HPE/Aruba Networking Private 5g Core
cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*
Range: <1.25.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hpe.com/hpesc/public/docDisplaynvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000