{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23818", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2026-01-16T15:22:49.223Z", "datePublished": "2026-04-07T12:18:11.753Z", "dateUpdated": "2026-04-07T13:17:32.192Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-04-07T12:18:11.753Z"}, "title": "Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem", "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "Private 5G Core", "versions": [{"status": "affected", "version": "1.0.0.0", "lessThanOrEqual": "1.25.3.0", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.</p>"}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "HPE Aruba Networking Private5G Core Engineering", "type": "remediation developer"}], "source": {"advisory": "HPESBNW05032", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T13:17:29.232477Z", "id": "CVE-2026-23818", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T13:17:32.192Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23818", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T13:17:29.232477Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T13:17:23.520Z"}}], "cna": {"title": "Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem", "source": {"advisory": "HPESBNW05032", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "remediation developer", "value": "HPE Aruba Networking Private5G Core Engineering"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "Private 5G Core", "versions": [{"status": "affected", "version": "1.0.0.0", "versionType": "semver", "lessThanOrEqual": "1.25.3.0"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.</p>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-04-07T12:18:11.753Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23818", "state": "PUBLISHED", "dateUpdated": "2026-04-07T13:17:32.192Z", "dateReserved": "2026-01-16T15:22:49.223Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2026-04-07T12:18:11.753Z", "assignerShortName": "hpe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hpe:aruba_networking_private_5g_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5188B9C-7E4A-456B-A8BF-FC9AFE4AE95F", "versionEndExcluding": "1.25.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page."}], "id": "CVE-2026-23818", "lastModified": "2026-04-14T21:15:02.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-07T13:16:45.587", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0.0,1.25.3.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Private 5G Core", "source": "cna", "vendor": "Hewlett Packard Enterprise (HPE)"}, "product": "private_5g_core", "vendor": "hpe"}], "analysis": {"en": {"generated_at": "2026-04-07T19:40:45.205195+00:00", "value": {"mitigation_remediation": ["Apply the latest security patch or update released by HPE for the affected Private 5G Core component as documented in the HPE support advisory", "Disable or restrict arbitrary redirects in the login flow, limiting allowed target URLs to trusted domains", "Enable multi\u2011factor authentication for all user accounts to mitigate the impact of stolen credentials"], "summary": {"action": "Patch", "impact": "Credential theft via phishing"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the HPE Aruba Networking Private 5G Core on\u2011prem GUI in all deployed versions of the product. Specific version information is not provided, so all installations should be treated as potentially vulnerable until a patch is applied.", "description_and_impact": "This flaw resides in the graphical interface of the HPE Aruba Private 5G Core on\u2011prem product. An attacker can craft a URL that hijacks the login flow and forces an authenticated user to be redirected to a malicious, attacker\u2011controlled address that serves a counterfeit login page. The victim may then unknowingly enter their credentials, which the attacker captures before returning them to the legitimate site. This results in potential compromise of user accounts and downstream services.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high-impact flaw. An attacker only needs to supply a crafted link\u2014such as via phishing email or embedded in a malicious site\u2014to trigger the redirect. The requirement for an authenticated user reduces the immediate exploitation window, yet once a user is lured, credential compromise is likely. EPSS data is unavailable and the issue is not listed in KEV, suggesting no confirmed widespread exploitation yet, but the high severity and credential theft possibility make this a critical concern."}}}}, "created": "2026-04-08T19:38:24.549030+00:00", "updated": "2026-04-08T19:49:44.593758+00:00", "vendors": ["hpe", "hpe$PRODUCT$private_5g_core"]}