CVE-2026-23810
Received Received - Intake
GTK Re-encryption Flaw in Wi-Fi AP Enables MitM Attacks

Publication date: 2026-03-04

Last updated on: 2026-03-09

Assigner: Hewlett Packard Enterprise (HPE)

Description
A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-09
Generated
2026-05-07
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23810
EUVD
EUVD-2026-9416
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
arubanetworks arubaos From 10.3.0.0 (inc) to 10.4.1.10 (inc)
arubanetworks arubaos From 10.5.0.0 (inc) to 10.7.2.2 (inc)
arubanetworks arubaos From 6.5.4.0 (inc) to 8.10.0.21 (inc)
arubanetworks arubaos From 8.11.0.0 (inc) to 8.12.0.6 (inc)
arubanetworks arubaos From 8.13.0.0 (inc) to 8.13.1.1 (inc)
arubanetworks arubaos 10.8.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-300 The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the packet processing logic of certain access points. An authenticated attacker can craft and send a malicious Wi-Fi frame that tricks the access point into treating the frame as group-addressed traffic. The access point then re-encrypts this frame using the Group Temporal Key (GTK) associated with the victim's BSSID.

Exploiting this flaw allows the attacker to inject traffic that does not depend on the GTK. When combined with a port-stealing technique, the attacker can redirect intercepted traffic, enabling machine-in-the-middle (MitM) attacks across different BSSID boundaries.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to inject unauthorized traffic into the network and redirect intercepted traffic between different BSSIDs. This can lead to machine-in-the-middle attacks, where the attacker can intercept, modify, or redirect network communications.

Such attacks can compromise the confidentiality of communications and potentially allow unauthorized access to sensitive information or network resources.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart