CVE-2026-23810 - Vulnerability Details

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Arubanetworks	7010 7030 7205 7210 7220 7240xm 7280 9004 9004-lte 9012 9106 9114 9240 Ap-634 Ap-635 Ap-654 Ap-655 Arubaos
Hpe	Aruba Networking Wireless Operating Systems

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*

OR	cpe:2.3:h:arubanetworks:7010:-:::::::*
	cpe:2.3:h:arubanetworks:7030:-:::::::*
	cpe:2.3:h:arubanetworks:7205:-:::::::*
	cpe:2.3:h:arubanetworks:7210:-:::::::*
	cpe:2.3:h:arubanetworks:7220:-:::::::*
	cpe:2.3:h:arubanetworks:7240xm:-:::::::*
	cpe:2.3:h:arubanetworks:7280:-:::::::*
	cpe:2.3:h:arubanetworks:9004:-:::::::*
	cpe:2.3:h:arubanetworks:9004-lte:-:::::::*
	cpe:2.3:h:arubanetworks:9012:-:::::::*
	cpe:2.3:h:arubanetworks:9106:-:::::::*
	cpe:2.3:h:arubanetworks:9114:-:::::::*
	cpe:2.3:h:arubanetworks:9240:-:::::::*
	cpe:2.3:h:arubanetworks:ap-634:-:::::::*
	cpe:2.3:h:arubanetworks:ap-635:-:::::::*
	cpe:2.3:h:arubanetworks:ap-654:-:::::::*
	cpe:2.3:h:arubanetworks:ap-655:-:::::::*

No data.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US

History

Mon, 09 Mar 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos
CPEs		cpe:2.3:h:arubanetworks:7010:-:::::::* cpe:2.3:h:arubanetworks:7030:-:::::::* cpe:2.3:h:arubanetworks:7205:-:::::::* cpe:2.3:h:arubanetworks:7210:-:::::::* cpe:2.3:h:arubanetworks:7220:-:::::::* cpe:2.3:h:arubanetworks:7240xm:-:::::::* cpe:2.3:h:arubanetworks:7280:-:::::::* cpe:2.3:h:arubanetworks:9004-lte:-:::::::* cpe:2.3:h:arubanetworks:9004:-:::::::* cpe:2.3:h:arubanetworks:9012:-:::::::* cpe:2.3:h:arubanetworks:9106:-:::::::* cpe:2.3:h:arubanetworks:9114:-:::::::* cpe:2.3:h:arubanetworks:9240:-:::::::* cpe:2.3:h:arubanetworks:ap-634:-:::::::* cpe:2.3:h:arubanetworks:ap-635:-:::::::* cpe:2.3:h:arubanetworks:ap-654:-:::::::* cpe:2.3:h:arubanetworks:ap-655:-:::::::* cpe:2.3:o:arubanetworks:arubaos:::::::: cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*
Vendors & Products		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos

Thu, 05 Mar 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hpe Hpe aruba Networking Wireless Operating Systems
Vendors & Products		Hpe Hpe aruba Networking Wireless Operating Systems

Wed, 04 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-300
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
Title		Cross-BSSID GTK Re-encryption and Traffic Injection
References		https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2026-03-04T16:11:35.964Z

Updated: 2026-03-04T17:46:09.493Z

Reserved: 2026-01-16T15:22:38.201Z

Link: CVE-2026-23810

Vulnrichment

Updated: 2026-03-04T17:45:48.245Z

NVD

Status : Analyzed

Published: 2026-03-04T17:16:19.060

Modified: 2026-03-09T19:20:48.343

Link: CVE-2026-23810

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object