CVE-2026-23809
Inter-BSSID Isolation Bypass in Wi-Fi Enables Traffic Interception
Publication date: 2026-03-04
Last updated on: 2026-03-09
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arubanetworks | arubaos | From 10.3.0.0 (inc) to 10.4.1.10 (inc) |
| arubanetworks | arubaos | From 10.5.0.0 (inc) to 10.7.2.2 (inc) |
| arubanetworks | arubaos | From 6.5.4.0 (inc) to 8.10.0.21 (inc) |
| arubanetworks | arubaos | From 8.11.0.0 (inc) to 8.12.0.6 (inc) |
| arubanetworks | arubaos | From 8.13.0.0 (inc) to 8.13.1.1 (inc) |
| arubanetworks | arubaos | 10.8.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a technique that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs (Basic Service Set Identifiers). By exploiting the relationship between BSSIDs and their associated virtual ports, an attacker can bypass inter-BSSID isolation controls.
This means the attacker could redirect and intercept network traffic intended for other devices within the Wi-Fi network.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability may allow an attacker to eavesdrop on your network traffic, hijack your sessions, or cause denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know