Vulnerability Description
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Arubaos | >= 6.5.4.0, <= 8.10.0.21 |
| Arubanetworks | 7010 | - |
| Arubanetworks | 7030 | - |
| Arubanetworks | 7205 | - |
| Arubanetworks | 7210 | - |
| Arubanetworks | 7220 | - |
| Arubanetworks | 7240Xm | - |
| Arubanetworks | 7280 | - |
| Arubanetworks | 9004 | - |
| Arubanetworks | 9004-Lte | - |
| Arubanetworks | 9012 | - |
| Arubanetworks | 9106 | - |
| Arubanetworks | 9114 | - |
| Arubanetworks | 9240 | - |
| Arubanetworks | Ap-634 | - |
| Arubanetworks | Ap-635 | - |
| Arubanetworks | Ap-654 | - |
| Arubanetworks | Ap-655 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-23808?
CVE-2026-23808 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Succe...
How severe is CVE-2026-23808?
CVE-2026-23808 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23808?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Arubaos, Arubanetworks 7010, Arubanetworks 7030, Arubanetworks 7205, Arubanetworks 7210.