HPE Alletra and Nimble Storage Vulnerability Allows Remote Attackers to Gain Admin Access

Hewlett Packard Enterprise (HPE) has issued a security bulletin for a high severity vulnerability affecting HPE Alletra and Nimble Storage arrays.

The flaw, tracked as CVE-2026-23594, could allow a remote attacker with low level access to gain full administrative control over affected systems.

The issue is described in security bulletin HPESBST04995 rev.1, published on January 20, 2026, and last updated on January 21, 2026.

HPE classifies the impact as “Remote – Elevated Privileges,” meaning the attacker can elevate their permissions once they are able to connect to the device.

Vulnerability details

The vulnerability exists in certain configurations of the HPE Alletra 6000, HPE Alletra 5000, and HPE Nimble Storage Array OS.

According to HPE, a low-privileged remote attacker can exploit this flaw to escalate to higher privileges, including administrative access.

HPE rates the bug with a CVSS v3.1 base score of 8.8 (high), using the following…