CVE-2026-23809
Received
Received - Intake
Inter-BSSID Isolation Bypass in Wi-Fi Enables Traffic Interception
Publication date: 2026-03-04
Last updated on: 2026-03-09
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arubanetworks | arubaos | From 10.3.0.0 (inc) to 10.4.1.10 (inc) |
| arubanetworks | arubaos | From 10.5.0.0 (inc) to 10.7.2.2 (inc) |
| arubanetworks | arubaos | From 6.5.4.0 (inc) to 8.10.0.21 (inc) |
| arubanetworks | arubaos | From 8.11.0.0 (inc) to 8.12.0.6 (inc) |
| arubanetworks | arubaos | From 8.13.0.0 (inc) to 8.13.1.1 (inc) |
| arubanetworks | arubaos | 10.8.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
