HPE Aruba Private 5G Vulnerability Exposes Credentials to Theft

Severity: High (Score: 72.0)

Sources: Gbhackers, Cybersecuritynews

Summary

A critical vulnerability in HPE Aruba Networking's Private 5G Core On-Prem platform has been disclosed, allowing attackers to exploit an open redirect issue in the login process. This flaw, tracked as CVE-2026-23818 and documented in security bulletin HPESBNW05032EN_US, enables the silent harvesting of administrative login credentials through the platform's graphical user interface (GUI). Organizations using this system are at significant risk, as the vulnerability could lead to unauthorized access and potential data breaches. The CVE was published on April 7, 2026, and the security community is urged to take immediate action to mitigate risks. No specific exploitations have been reported yet, but the severity of the vulnerability necessitates prompt attention from affected enterprises. Key Points: • CVE-2026-23818 allows credential theft via an open redirect in HPE Aruba's GUI. • The vulnerability affects enterprise networks using HPE Aruba Private 5G Core On-Prem. • Organizations are urged to address this critical flaw to prevent unauthorized access.

Key Entities

• Data Breach (attack_type)
• Hewlett-Packard Enterprise (company)
• CVE-2026-23818 (cve)
• Aruba Networking Private 5G Core On-Prem Platform (platform)