Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Malicious Actor Can Hijack Wireless Network Traffic
CVE-2026-23808
Summary
A vulnerability in a widely used wireless roaming protocol could allow hackers to take control of your network traffic. This could let them intercept, modify, or block sensitive information, making it harder to keep your network secure. To protect yourself, make sure your wireless network and devices are up to date with the latest security patches and follow best practices for secure network configuration.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| arubanetworks | arubaos | > 6.5.4.0 , <= 8.10.0.21 | – |
| arubanetworks | arubaos | > 8.11.0.0 , <= 8.12.0.6 | – |
| arubanetworks | arubaos | > 8.13.0.0 , <= 8.13.1.1 | – |
| arubanetworks | arubaos | > 10.3.0.0 , <= 10.4.1.10 | – |
| arubanetworks | arubaos | > 10.5.0.0 , <= 10.7.2.2 | – |
| arubanetworks | arubaos | 10.8.0.0 | – |
Original title
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Su...
Original description
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.
nvd CVSS3.1
5.4
Vulnerability type
CWE-94
Code Injection
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026