CVE-2026-23601

Description

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)10.8.0.0 – 10.8.0.0
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)10.7.0.0 – 10.7.2.2
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)10.4.0.0 – 10.4.1.10
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)8.13.0.0 – 8.13.1.1
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)8.12.0.0 – 8.12.0.6
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)8.10.0.0 – 8.10.0.21

References

MISChttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US