Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem
CVE-2026-23818

8.8HIGH

Key Information:

Vendor: HP (HP)
Status: Private 5g Core
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-23818?

A security flaw has been discovered in the graphical user interface (GUI) of the HPE Aruba Networking Private 5G Core On-Prem. This vulnerability allows an attacker to exploit an open redirect in the login flow through a specially crafted URL. By successfully leveraging this issue, an attacker could redirect authenticated users to a malicious server that mimics the legitimate login interface, prompting them to enter sensitive credentials. These credentials may then be harvested by the attacker, who can subsequently redirect the user back to the authentic login page, making the attack notably deceptive and harmful.

Affected Version(s)

Private 5G Core 1.0.0.0 <= 1.25.3.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Jan 16, 2026

Credit

HPE Aruba Networking Private5G Core Engineering

CVE-2026-23818 Data

JSON

HP (HP)

What is CVE-2026-23818?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit