wid-sec-w-2026-0583 · Published 2026-03-03 · View on BSI CERT-Bund
Aruba ArubaOS: Multiple Vulnerabilities
CVSS 5.4 (MEDIUM)
Risk Summary
A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation, when combined with a port-stealing attack, may enable a bi-directional Machine-in-the-Middle (MitM) attack.
Affected Vendors
Aruba
Affected Products (12)
Aruba · ArubaOS <10.8.0.1
Aruba · ArubaOS 10.8.0.1
Aruba · ArubaOS <10.7.2.3
Aruba · ArubaOS 10.7.2.3
Aruba · ArubaOS <10.4.1.11
Aruba · ArubaOS 10.4.1.11
Aruba · ArubaOS <8.13.1.2
Aruba · ArubaOS 8.13.1.2
Aruba · ArubaOS <8.12.0.7
Aruba · ArubaOS 8.12.0.7
Aruba · ArubaOS <8.10.0.22
Aruba · ArubaOS 8.10.0.22