Cyber Resilience

CVE-2026-26048

High

Published: 20 February 2026

Published
20 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0004 14.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26048 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Cisa (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Network Flood (T1498.001); ranked at the 14.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and SC-40 (Wireless Link Protection).

Deeper analysis

CVE-2026-26048 is a vulnerability in Wi-Fi routers stemming from the absence of management frame protection, which permits the broadcasting of forged deauthentication and disassociation frames without authentication or encryption. This flaw, associated with CWE-306 (Missing Authentication for Critical Function), enables attackers to disrupt network connectivity. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-02-20.

Any attacker within wireless range can exploit this vulnerability by transmitting spoofed management frames, leading to unauthorized client disconnections and a denial-of-service condition across the affected network. No privileges, user interaction, or special access are required, making it accessible to remote, unauthenticated adversaries with low complexity.

Mitigation details are outlined in the CISA ICS advisory ICSA-26-050-03, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03, with the full JSON artifact at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json. Security practitioners should consult these resources for vendor-specific patches or workarounds.

EU & UK References

Vulnerability details

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create…

more

a denial-of-service condition.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1498.001 Direct Network Flood Impact
Adversaries may attempt to cause a denial of service (DoS) by directly sending a high-volume of network traffic to a target.
Why these techniques?

Vulnerability directly enables forged deauth/disassoc frame injection (deauth flood) against unprotected Wi-Fi management frames, producing network-wide denial of service without authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26160Shared CWE-306
CVE-2026-25192Shared CWE-306
CVE-2026-32064Shared CWE-306
CVE-2025-63389Shared CWE-306
CVE-2025-15620Shared CWE-306
CVE-2025-26359Shared CWE-306
CVE-2025-21515Shared CWE-306
CVE-2025-57432Shared CWE-306
CVE-2026-27446Shared CWE-306
CVE-2025-9254Shared CWE-306

Affected Assets

Cisa
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements controls to protect wireless links from exploitation via forged deauthentication and disassociation frames lacking authentication or encryption.

prevent

Enforces encryption requirements and authentication mechanisms for wireless access to mitigate unauthorized management frame broadcasts.

prevent

Protects system resources against denial-of-service events specifically from deauthentication attacks on Wi-Fi networks.

References