CVE-2026-23809 | THREATINT

Description

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.

PUBLISHED Reserved 2026-01-16 | Published 2026-03-04 | Updated 2026-03-04 | Assigner hpe

MEDIUM: 5.4CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Product status

Default status

affected

10.8.0.0 (semver)

affected

10.7.0.0 (semver)

affected

10.4.0.0 (semver)

affected

8.13.0.0 (semver)

affected

8.12.0.0 (semver)

affected

8.10.0.0 (semver)

affected

Credits

Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven finder

References

support.hpe.com/...y?docId=hpesbnw05026en_us&docLocale=en_US

cve.org (CVE-2026-23809)

nvd.nist.gov (CVE-2026-23809)

Download JSON