CVE-2026-23808 - Vulnerability Details

A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hewlett Packard Enterprise (HPE)

HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)

affected

Version	Status	Constraints
`10.8.0.0`	affected	—
`10.7.0.0`	affected	≤ 10.7.2.2
`10.4.0.0`	affected	≤ 10.4.1.10
`8.13.0.0`	affected	≤ 10.13.1.1
`8.12.0.0`	affected	≤ 10.12.0.6
`8.10.0.0`	affected	≤ 10.13.0.21

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*

OR	cpe:2.3:h:arubanetworks:7010:-:::::::*
	cpe:2.3:h:arubanetworks:7030:-:::::::*
	cpe:2.3:h:arubanetworks:7205:-:::::::*
	cpe:2.3:h:arubanetworks:7210:-:::::::*
	cpe:2.3:h:arubanetworks:7220:-:::::::*
	cpe:2.3:h:arubanetworks:7240xm:-:::::::*
	cpe:2.3:h:arubanetworks:7280:-:::::::*
	cpe:2.3:h:arubanetworks:9004:-:::::::*
	cpe:2.3:h:arubanetworks:9004-lte:-:::::::*
	cpe:2.3:h:arubanetworks:9012:-:::::::*
	cpe:2.3:h:arubanetworks:9106:-:::::::*
	cpe:2.3:h:arubanetworks:9114:-:::::::*
	cpe:2.3:h:arubanetworks:9240:-:::::::*
	cpe:2.3:h:arubanetworks:ap-634:-:::::::*
	cpe:2.3:h:arubanetworks:ap-635:-:::::::*
	cpe:2.3:h:arubanetworks:ap-654:-:::::::*
	cpe:2.3:h:arubanetworks:ap-655:-:::::::*

No data.

Vendor Product Confidence Versions

Hpe

Aruba Networking Wireless Operating Systems

100%

Version	Status	Scheme	Platform
`10.8.0.0`	affected	generic	—
`[10.7.0.0,10.7.2.2]`	affected	generic	—
`[10.4.0.0,10.4.1.10]`	affected	generic	—
`[8.13.0.0,10.13.1.1]`	affected	generic	—
`[8.12.0.0,10.12.0.6]`	affected	generic	—
`[8.10.0.0,10.13.0.21]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Subscriptions

Vendors	Products
Arubanetworks Subscribe	7010 Subscribe 7030 Subscribe 7205 Subscribe 7210 Subscribe 7220 Subscribe 7240xm Subscribe 7280 Subscribe 9004 Subscribe 9004-lte Subscribe 9012 Subscribe 9106 Subscribe 9114 Subscribe 9240 Subscribe Ap-634 Subscribe Ap-635 Subscribe Ap-654 Subscribe Ap-655 Subscribe Arubaos Subscribe
Hpe Subscribe	Aruba Networking Wireless Operating Systems Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US

History

Mon, 09 Mar 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos
CPEs		cpe:2.3:h:arubanetworks:7010:-:::::::* cpe:2.3:h:arubanetworks:7030:-:::::::* cpe:2.3:h:arubanetworks:7205:-:::::::* cpe:2.3:h:arubanetworks:7210:-:::::::* cpe:2.3:h:arubanetworks:7220:-:::::::* cpe:2.3:h:arubanetworks:7240xm:-:::::::* cpe:2.3:h:arubanetworks:7280:-:::::::* cpe:2.3:h:arubanetworks:9004-lte:-:::::::* cpe:2.3:h:arubanetworks:9004:-:::::::* cpe:2.3:h:arubanetworks:9012:-:::::::* cpe:2.3:h:arubanetworks:9106:-:::::::* cpe:2.3:h:arubanetworks:9114:-:::::::* cpe:2.3:h:arubanetworks:9240:-:::::::* cpe:2.3:h:arubanetworks:ap-634:-:::::::* cpe:2.3:h:arubanetworks:ap-635:-:::::::* cpe:2.3:h:arubanetworks:ap-654:-:::::::* cpe:2.3:h:arubanetworks:ap-655:-:::::::* cpe:2.3:o:arubanetworks:arubaos:::::::: cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*
Vendors & Products		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos

Thu, 05 Mar 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hpe Hpe aruba Networking Wireless Operating Systems
Vendors & Products		Hpe Hpe aruba Networking Wireless Operating Systems

Wed, 04 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-94
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.
Title		Client Isolation Bypass via GTK Manipulation
References		https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2026-03-04T16:09:17.967Z

Updated: 2026-03-04T17:42:48.840Z

Reserved: 2026-01-16T15:22:38.201Z

Link: CVE-2026-23808

Vulnrichment

Updated: 2026-03-04T17:40:39.809Z

NVD

Status : Analyzed

Published: 2026-03-04T17:16:18.760

Modified: 2026-03-09T19:24:57.633

Link: CVE-2026-23808

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-05T09:08:34Z

Weaknesses

CWE-94

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object