Strix
26.1K

CVE-2026-23809

HIGHCVSS 7.6/10EPSS 0.26%

Last modified

CVE-2026-23809 is a high-severity vulnerability rated 7.6/10 on the CVSS scale. A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. EPSS estimates a 0.26% chance of exploitation in the next 30 days.

Description

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.

Metrics

CVSS 3.1
7.6/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS Probability
0.26%

17.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ArubanetworksArubaos>= 6.5.4.0, <= 8.10.0.21
ArubanetworksArubaos>= 8.11.0.0, <= 8.12.0.6
ArubanetworksArubaos>= 8.13.0.0, <= 8.13.1.1
ArubanetworksArubaos>= 10.3.0.0, <= 10.4.1.10
ArubanetworksArubaos>= 10.5.0.0, <= 10.7.2.2
ArubanetworksArubaos10.8.0.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2026-23809?
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.
How severe is CVE-2026-23809?
CVE-2026-23809 has a CVSS score of 7.6/10 (HIGH severity). The EPSS model estimates a 0.26% probability of exploitation in the next 30 days.
How do I fix CVE-2026-23809?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-23809?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST