CVE-2026-23599 PUBLISHED

Local Privilege Escalation Vulnerability in HPE Aruba Networking Clear Pass Policy Manager OnGuard for Linux

Assigner: hpe
Reserved: 14.01.2026 Published: 17.02.2026 Updated: 18.02.2026

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Hewlett Packard Enterprise (HPE)
Product	HPE Aruba Networking ClearPass Policy Manager
Versions	Default: affected affected from 6.12.0 to 6.12.7 (incl.) affected from 6.11.0 to 6.11.13 (incl.)

Credits

HPE Aruba Networking Engineering Team reporter

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05012en_us&docLocale=en_US