Description
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
CVSS Metrics
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- adjacent network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-284
Metadata
- Primary Vendor
- HPE
- Published
- 2/17/2026
- Last Modified
- 2/28/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
hpe : aruba_networking_private_5g_core
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.