CVE-2026-23818 · CRITICAL 9.6 · EPSS p23.7%


Description

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.7% · 2026-06-18T12:00:27Z
Published: 2026-04-07
Last modified: 2026-04-14

Underlying weaknesses · 1

CWE-601

References

  1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US


Type: Weakness
Target: URL Redirection to Untrusted Site ('Open Redirect') (cwe-601)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-37124
CVE: CVE-2025-23060
CVE: CVE-2025-37123
CVE: CVE-2026-34257
CVE: CVE-2025-27086
CVE: CVE-2025-25039

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.