CVE-2026-23810
Received Received - Intake
GTK Re-encryption Flaw in Wi-Fi AP Enables MitM Attacks

Publication date: 2026-03-04

Last updated on: 2026-03-09

Assigner: Hewlett Packard Enterprise (HPE)

Description
A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23810
EUVD
EUVD-2026-9416
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
arubanetworks arubaos From 10.3.0.0 (inc) to 10.4.1.10 (inc)
arubanetworks arubaos From 10.5.0.0 (inc) to 10.7.2.2 (inc)
arubanetworks arubaos From 6.5.4.0 (inc) to 8.10.0.21 (inc)
arubanetworks arubaos From 8.11.0.0 (inc) to 8.12.0.6 (inc)
arubanetworks arubaos From 8.13.0.0 (inc) to 8.13.1.1 (inc)
arubanetworks arubaos 10.8.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-300 The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the packet processing logic of certain access points. An authenticated attacker can craft and send a malicious Wi-Fi frame that tricks the access point into treating the frame as group-addressed traffic. The access point then re-encrypts this frame using the Group Temporal Key (GTK) associated with the victim's BSSID.

Exploiting this flaw allows the attacker to inject traffic that does not depend on the GTK. When combined with a port-stealing technique, the attacker can redirect intercepted traffic, enabling machine-in-the-middle (MitM) attacks across different BSSID boundaries.

Impact Analysis

The vulnerability can allow an attacker to inject unauthorized traffic into the network and redirect intercepted traffic between different BSSIDs. This can lead to machine-in-the-middle attacks, where the attacker can intercept, modify, or redirect network communications.

Such attacks can compromise the confidentiality of communications and potentially allow unauthorized access to sensitive information or network resources.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23810. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart