Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Apr 1, 2026

MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection

CVE-2026-23809

Description

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.

Affected products

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)v5
Range: 10.8.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hpe.com/hpesc/public/docDisplaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000