By Abinaya
Publication Date: 2026-01-23 10:09:00
a critic privilege escalation A vulnerability affecting multiple storage platforms could allow remote attackers to gain administrative access without physical interaction.
The flaw, tracked as CVE-2026-23594, affects HPE Alletra 6000, Alletra 5000, and Nimble Storage arrays running vulnerable. firmware versions.
The vulnerability exists in specific configurations of the affected storage operating systems and allows remote elevation of privileges when exploited.
With a CVSS v3.1 score of 8.8 (High), the flaw requires low attack complexity and only low-level privileges to exploit, making it particularly dangerous for enterprise environments where storage systems are accessible over the network.
| CVE ID | CVSS 3.1 Vector | CVSS Score | Gravity | Impact type | attack vector |
|---|---|---|---|---|---|
| CVE-2026-23594 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | High | Remote Elevation of Privilege | Network |
According to HPE Security Bulletin HPESBST04995, successful exploitation grants…
