CVE-2026-23594 is a high-severity flaw in HPE Alletra and Nimble storage systems that could allow a remote attacker to escalate privileges and potentially gain administrative control over the storage array. The vulnerability, which has a CVSS score of 8.8, affects HPE Alletra 6000 and 5000, HPE Nimble Storage Hybrid Flash Arrays, and Nimble Storage All Flash Arrays.
According to the security bulletin, a vulnerability in certain configurations of Alletra 6000, Alletra 5000, and HPE Nimble Storage Array OS could lead to remote privilege elevation. The issue lies in how the storage operating system handles permissions in specific setups. The flaw is present across all listed platforms in software versions prior to 6.1.2.800, and in 6.1.3 releases prior to 6.1.3.300. HPE has urged storage admins to upgrade to version 6.1.2.800 or 6.1.3.300 immediately to mitigate the risk of unauthorized access.
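For triaging an inventory against the two fixed releases named above, the following added example (not HPE code) flags arrays whose OS version falls in the affected ranges. The array names, the sample versions and the assumed version-string format (four dotted integers with an optional build suffix) are constructed for illustration. A match only marks a candidate for upgrade, since the bulletin limits the flaw to certain configurations.

```python
import re

# Fixed releases named in the bulletin summary above, one per release branch.
FIXED_612 = (6, 1, 2, 800)
FIXED_613 = (6, 1, 3, 300)


def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a 4-tuple.

    Assumption: up to four dotted integers, optional suffix like "-123456-opt".
    """
    match = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def needs_upgrade(text):
    """True if the version falls in the affected ranges stated on the page."""
    version = parse_version(text)
    if version[:3] == (6, 1, 3):
        # 6.1.3 branch: compare against its own fix, not 6.1.2.800.
        return version < FIXED_613
    return version < FIXED_612


def triage(inventory):
    """Map array name -> 'upgrade', 'ok' or 'unknown' (unparseable version)."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = "upgrade" if needs_upgrade(version) else "ok"
        except ValueError:
            result[name] = "unknown"
    return result


# Constructed sample inventory (hypothetical array names and versions).
SAMPLE = {
    "array-a": "6.1.2.700-1000001-opt",
    "array-b": "6.1.3.100",
    "array-c": "6.1.2.800",
    "array-d": "6.1.3.300-1000002-opt",
    "array-e": "n/a",
}
```

A 6.1.3 build such as 6.1.3.100 sorts above 6.1.2.800 numerically but is still affected, which is why the branch is checked before the comparison.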