CVE-2026-23601 - Vulnerability Details - OpenCVE

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US

History

Wed, 04 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-327
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.
Title		Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
References		https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2026-03-04T16:07:42.929Z

Updated: 2026-03-04T17:59:28.741Z

Reserved: 2026-01-14T15:40:17.991Z

Link: CVE-2026-23601

Vulnrichment

Updated: 2026-03-04T17:56:17.146Z

NVD

Status : Awaiting Analysis

Published: 2026-03-04T17:16:18.610

Modified: 2026-03-04T19:16:19.147

Link: CVE-2026-23601

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23601", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2026-01-14T15:40:17.991Z", "datePublished": "2026-03-04T16:07:42.929Z", "dateUpdated": "2026-03-04T17:59:28.741Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "10.8.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.7.2.2", "status": "affected", "version": "10.7.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.4.1.10", "status": "affected", "version": "10.4.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.13.1.1", "status": "affected", "version": "8.13.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.12.0.6", "status": "affected", "version": "8.12.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.13.0.21", "status": "affected", "version": "8.10.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.</p>"}], "value": "A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-03-04T16:07:42.929Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US"}], "source": {"advisory": "HPESBNW05026", "discovery": "EXTERNAL"}, "title": "Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-327", "lang": "en", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T17:52:14.142763Z", "id": "CVE-2026-23601", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T17:59:28.741Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23601", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T17:52:14.142763Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T17:56:17.146Z"}}], "cna": {"title": "Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise", "source": {"advisory": "HPESBNW05026", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)", "versions": [{"status": "affected", "version": "10.8.0.0", "versionType": "semver"}, {"status": "affected", "version": "10.7.0.0", "versionType": "semver", "lessThanOrEqual": "10.7.2.2"}, {"status": "affected", "version": "10.4.0.0", "versionType": "semver", "lessThanOrEqual": "10.4.1.10"}, {"status": "affected", "version": "8.13.0.0", "versionType": "semver", "lessThanOrEqual": "10.13.1.1"}, {"status": "affected", "version": "8.12.0.0", "versionType": "semver", "lessThanOrEqual": "10.12.0.6"}, {"status": "affected", "version": "8.10.0.0", "versionType": "semver", "lessThanOrEqual": "10.13.0.21"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.</p>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-03-04T16:07:42.929Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23601", "state": "PUBLISHED", "dateUpdated": "2026-03-04T17:59:28.741Z", "dateReserved": "2026-01-14T15:40:17.991Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2026-03-04T16:07:42.929Z", "assignerShortName": "hpe"}, "dataVersion": "5.2"}