cvedb.io
CVE-2026-23818
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-04-07T13:16:45.587 · Last modified 2026-06-17T10:22:09.113

Summary

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

Affected products

hpe — aruba_networking_private_5g_core

Does this affect you?

Add your gear to cvedb and we'll alert you only when hpe ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.