CVE-2026-23601 — Use of a Broken or Risky Cryptographic Algorithm in Packard Enterprise HPE Aruba Networking Wireless Operating System

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 99.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hewlett Packard Enterprise HPE Aruba Networking Wireless Operating System Arubanetworks Arubaos

Timeline

PublishedMar 4

Description

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_wireless_operating_system10.7.0.0 — 10.7.2.2+5

▶NVDarubanetworks/arubaos6.5.4.0 — 8.10.0.21+5

🔴Vulnerability Details

CVEList

Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise↗2026-03-04

▶

GHSA

GHSA-hxv6-43wp-jffh: A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions↗2026-03-04

▶