- 81/2026
- High
HPE Aruba has released a security update to fix a vulnerability affecting HPE Aruba Networking Private 5G Core.
The addressed vulnerability could allow the attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to the attacker-controlled server hosting a spoofed login page, prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker before being redirected back to the legitimate login page.
The addressed vulnerability:
HPE Aruba Networking Private 5G Core Open Redirect Vulnerability (CVE-2026- 23818):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
CVE-2026-23818
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.