Researchers from UC Riverside have disclosed AirSnitch, a new class of attacks that bypasses Wi-Fi client isolation, allowing malicious users on the same network to spoof identities, intercept traffic, and perform man-in-the-middle attacks, even on WPA3-secured setups. The vulnerability, presented at the NDSS 2026 symposium, affects popular consumer routers from brands like Netgear, TP-Link, Asus, D-Link, and Tenda, as well as open-source firmware such as OpenWrt and enterprise environments; every tested device proved susceptible to at least one attack variant. The root causes are improper management of broadcast encryption keys and the lack of linkage between the MAC, IP, and key layers in the Wi-Fi architecture, which makes simple patches insufficient. No fixes are currently available, underscoring the need for fundamental changes to Wi-Fi standards to secure public hotspots, homes, and offices.