Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-23601

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-04 Mar, 2026 | 16:07
Updated At-01 Apr, 2026 | 16:23
Rejected At-
Credits

Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:04 Mar, 2026 | 16:07
Updated At:01 Apr, 2026 | 16:23
Rejected At:
â–¼CVE Numbering Authority (CNA)
Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)Hewlett Packard Enterprise (HPE)
Product
HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
Default Status
affected
Versions
Affected
  • 10.8.0.0 (semver)
  • From 10.7.0.0 through 10.7.2.2 (semver)
  • From 10.4.0.0 through 10.4.1.10 (semver)
  • From 8.13.0.0 through 8.13.1.1 (semver)
  • From 8.12.0.0 through 8.12.0.6 (semver)
  • From 8.10.0.0 through 8.10.0.21 (semver)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
N/A
Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-327CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Type: CWE
CWE ID: CWE-327
Description: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:04 Mar, 2026 | 17:16
Updated At:09 Mar, 2026 | 19:25

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches
Aruba Networks
arubanetworks
>>arubaos>>Versions from 6.5.4.0(inclusive) to 8.10.0.21(inclusive)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>arubaos>>Versions from 8.11.0.0(inclusive) to 8.12.0.6(inclusive)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>arubaos>>Versions from 8.13.0.0(inclusive) to 8.13.1.1(inclusive)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>arubaos>>Versions from 10.3.0.0(inclusive) to 10.4.1.10(inclusive)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>arubaos>>Versions from 10.5.0.0(inclusive) to 10.7.2.2(inclusive)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>arubaos>>10.8.0.0
cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>7010>>-
cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>7030>>-
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>7205>>-
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>7210>>-
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>7220>>-
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>7240xm>>-
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>7280>>-
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>9004>>-
cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>9004-lte>>-
cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>9012>>-
cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>9106>>-
cpe:2.3:h:arubanetworks:9106:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>9114>>-
cpe:2.3:h:arubanetworks:9114:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>9240>>-
cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>ap-634>>-
cpe:2.3:h:arubanetworks:ap-634:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>ap-635>>-
cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>ap-654>>-
cpe:2.3:h:arubanetworks:ap-654:-:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>ap-655>>-
cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-327Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-327
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_USsecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2026-23809
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.62%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 16:10
Updated-01 Apr, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-7010ap-6347240xm72809004-lte91147220703072109106arubaos90129240ap-635ap-654ap-65590047205HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-23808
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.90%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 16:09
Updated-01 Apr, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Client Isolation Bypass via GTK Manipulation

A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-7010ap-6347240xm72809004-lte91147220703072109106arubaos90129240ap-635ap-654ap-65590047205HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-37127
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.02% / 6.88%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 22:22
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Replay Attack contains Cryptographic Vulnerability

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking EdgeConnect SD-WAN Gateway
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Details not found