CVE-2026-23601 - Vulnerability Details

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Arubanetworks	7010 7030 7205 7210 7220 7240xm 7280 9004 9004-lte 9012 9106 9114 9240 Ap-634 Ap-635 Ap-654 Ap-655 Arubaos
Hpe	Aruba Networking Wireless Operating Systems

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*

OR	cpe:2.3:h:arubanetworks:7010:-:::::::*
	cpe:2.3:h:arubanetworks:7030:-:::::::*
	cpe:2.3:h:arubanetworks:7205:-:::::::*
	cpe:2.3:h:arubanetworks:7210:-:::::::*
	cpe:2.3:h:arubanetworks:7220:-:::::::*
	cpe:2.3:h:arubanetworks:7240xm:-:::::::*
	cpe:2.3:h:arubanetworks:7280:-:::::::*
	cpe:2.3:h:arubanetworks:9004:-:::::::*
	cpe:2.3:h:arubanetworks:9004-lte:-:::::::*
	cpe:2.3:h:arubanetworks:9012:-:::::::*
	cpe:2.3:h:arubanetworks:9106:-:::::::*
	cpe:2.3:h:arubanetworks:9114:-:::::::*
	cpe:2.3:h:arubanetworks:9240:-:::::::*
	cpe:2.3:h:arubanetworks:ap-634:-:::::::*
	cpe:2.3:h:arubanetworks:ap-635:-:::::::*
	cpe:2.3:h:arubanetworks:ap-654:-:::::::*
	cpe:2.3:h:arubanetworks:ap-655:-:::::::*

No data.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US

History

Mon, 09 Mar 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos
CPEs		cpe:2.3:h:arubanetworks:7010:-:::::::* cpe:2.3:h:arubanetworks:7030:-:::::::* cpe:2.3:h:arubanetworks:7205:-:::::::* cpe:2.3:h:arubanetworks:7210:-:::::::* cpe:2.3:h:arubanetworks:7220:-:::::::* cpe:2.3:h:arubanetworks:7240xm:-:::::::* cpe:2.3:h:arubanetworks:7280:-:::::::* cpe:2.3:h:arubanetworks:9004-lte:-:::::::* cpe:2.3:h:arubanetworks:9004:-:::::::* cpe:2.3:h:arubanetworks:9012:-:::::::* cpe:2.3:h:arubanetworks:9106:-:::::::* cpe:2.3:h:arubanetworks:9114:-:::::::* cpe:2.3:h:arubanetworks:9240:-:::::::* cpe:2.3:h:arubanetworks:ap-634:-:::::::* cpe:2.3:h:arubanetworks:ap-635:-:::::::* cpe:2.3:h:arubanetworks:ap-654:-:::::::* cpe:2.3:h:arubanetworks:ap-655:-:::::::* cpe:2.3:o:arubanetworks:arubaos:::::::: cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*
Vendors & Products		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos

Thu, 05 Mar 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hpe Hpe aruba Networking Wireless Operating Systems
Vendors & Products		Hpe Hpe aruba Networking Wireless Operating Systems

Wed, 04 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-327
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.
Title		Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
References		https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2026-03-04T16:07:42.929Z

Updated: 2026-03-04T17:59:28.741Z

Reserved: 2026-01-14T15:40:17.991Z

Link: CVE-2026-23601

Vulnrichment

Updated: 2026-03-04T17:56:17.146Z

NVD

Status : Analyzed

Published: 2026-03-04T17:16:18.610

Modified: 2026-03-09T19:25:46.320

Link: CVE-2026-23601

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object