CVE-2026-23809
HIGH WAF: Medium
CVSS 7.6
Published: 2026-03-04
CWE-400
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| arubanetworks | arubaos | 6.5.4.0 - 8.10.0.21 |
| arubanetworks | arubaos | 8.11.0.0 - 8.12.0.6 |
| arubanetworks | arubaos | 8.13.0.0 - 8.13.1.1 |
| arubanetworks | arubaos | 10.3.0.0 - 10.4.1.10 |
| arubanetworks | arubaos | 10.5.0.0 - 10.7.2.2 |
| arubanetworks | arubaos | 10.8.0.0 |
References
- support.hpe.com (Vendor Advisory)