HPE Patches High-Severity Privilege Escalation Flaw in Alletra and Nimble Storage Arrays
Hewlett Packard Enterprise (HPE) has addressed a high-severity vulnerability (CVE-2026-23594) in its Alletra and Nimble Storage arrays, which could allow remote attackers with low-level access to gain full administrative control. The flaw is detailed in Security Bulletin HPESBST04995 rev.1, which was published on January 20, 2026, with an update released the following day.
The vulnerability affects specific configurations of HPE Alletra 6000, Alletra 5000, and Nimble Storage arrays and enables privilege escalation; it carries a CVSS v3.1 score of 8.8 (High). Exploitation requires only low-privilege network access, with no user interaction needed, and poses severe risks to confidentiality, integrity, and availability.
Impacted versions include:
- HPE Alletra 6000/5000: OS versions prior to 6.1.2.800 and 6.1.3 versions before 6.1.3.300
- HPE Nimble Storage (Hybrid Flash & All Flash Arrays): Same vulnerable versions as above
HPE has released patches (6.1.2.800 and 6.1.3.300) to mitigate the issue. The company advises administrators to upgrade affected systems immediately and review access controls to limit exposure. Support is available through HPE’s Product Security Response Team for further assistance.
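To find which arrays still need the upgrade, the version ranges above can be checked against an inventory. The following is an added example, not code from HPE or from the bulletin. It assumes that version strings begin with a dotted numeric release, that any trailing build suffix can be ignored, and that releases outside the listed ranges are not affected. The array names and versions in the sample are constructed.

```python
import re

# Fixed releases named on the page.
FIXED_612 = (6, 1, 2, 800)   # fix for releases outside the 6.1.3 branch
FIXED_613 = (6, 1, 3, 300)   # fix for the 6.1.3 branch


def parse_version(text):
    """Return the leading dotted-numeric release as a zero-padded 4-tuple.

    Assumption: a trailing build suffix such as "-opt" carries no meaning here.
    """
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(text):
    """True if the release falls in a range the page lists as vulnerable."""
    v = parse_version(text)
    # Check the 6.1.3 branch first: 6.1.3.100 sorts above 6.1.2.800, so a
    # single "older than 6.1.2.800" comparison would wrongly clear it.
    if v[:3] == (6, 1, 3):
        return v < FIXED_613
    return v < FIXED_612


def triage(inventory):
    """Map each array name to UPGRADE, OK, or UNKNOWN (unparseable version)."""
    report = {}
    for name, version in inventory.items():
        try:
            report[name] = "UPGRADE" if is_affected(version) else "OK"
        except ValueError:
            report[name] = "UNKNOWN"
    return report


# Constructed sample inventory (hypothetical array names and versions).
SAMPLE = {
    "array-a": "6.1.2.500", "array-b": "6.1.2.800",
    "array-c": "6.1.3.100", "array-d": "6.1.3.300",
    "array-e": "5.2.1.0", "array-f": "n/a",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {SAMPLE[name]} -> {status}")
```

Arrays reported as UNKNOWN should be checked by hand rather than treated as patched.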
{
  "id": "HEW1769152921",
  "linkid": "hewlett-packard-enterprise",
  "type": "Vulnerability",
  "date": "1/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'Technology/Storage Solutions',
                        'name': 'Hewlett Packard Enterprise (HPE)',
                        'type': 'Corporation'}],
 'attack_vector': 'Network',
 'date_publicly_disclosed': '2026-01-20',
 'date_resolved': '2026-01-21',
 'description': 'Hewlett Packard Enterprise (HPE) has addressed a '
                'high-severity vulnerability (CVE-2026-23594) in its Alletra '
                'and Nimble Storage arrays, which could allow remote attackers '
                'with low-level access to gain full administrative control. '
                'The flaw enables privilege escalation with a CVSS v3.1 score '
                'of 8.8 (High). Exploitation requires only low-privilege '
                'network access, with no user interaction needed, and poses '
                'severe risks to confidentiality, integrity, and availability.',
 'impact': {'operational_impact': 'Severe risks to confidentiality, integrity, '
                                  'and availability',
            'systems_affected': 'HPE Alletra 6000, Alletra 5000, and Nimble '
                                'Storage arrays'},
 'recommendations': 'Review access controls to limit exposure; upgrade '
                    'affected systems immediately',
 'references': [{'source': 'HPE Security Bulletin HPESBST04995 rev.1'}],
 'response': {'communication_strategy': 'Security Bulletin HPESBST04995 rev.1 '
                                        'published',
              'containment_measures': 'Patches released (6.1.2.800 and '
                                      '6.1.3.300)',
              'remediation_measures': 'Upgrade affected systems immediately'},
 'title': 'HPE Patches High-Severity Privilege Escalation Flaw in Alletra and '
          'Nimble Storage Arrays',
 'type': 'Privilege Escalation',
 'vulnerability_exploited': 'CVE-2026-23594'}