ID

VAR-202603-0928


CVE

CVE-2026-3556


TITLE

philips' Hue Bridge V2  Heap-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013584

DESCRIPTION

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HomeKit service. Was ZDI-CAN-28326. The original identifier is ZDI-CAN-28326 is.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely

Trust: 2.25

sources: NVD: CVE-2026-3556 // JVNDB: JVNDB-2026-013584 // ZDI: ZDI-26-154

AFFECTED PRODUCTS

vendor:philipsmodel:hue bridge v2scope:ltversion:1975170000

Trust: 1.0

vendor:フィリップスmodel:hue bridge v2scope:eqversion:hue bridge v2 firmware 1975170000

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope:eqversion: -

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope: - version: -

Trust: 0.8

vendor:philipsmodel:hue bridgescope: - version: -

Trust: 0.7

sources: ZDI: ZDI-26-154 // JVNDB: JVNDB-2026-013584 // NVD: CVE-2026-3556

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2026-3556
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013584
value: HIGH

Trust: 0.8

ZDI: CVE-2026-3556
value: HIGH

Trust: 0.7

zdi-disclosures@trendmicro.com: CVE-2026-3556
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2026-013584
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2026-3556
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-154 // JVNDB: JVNDB-2026-013584 // NVD: CVE-2026-3556

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013584 // NVD: CVE-2026-3556

PATCH

title:ZDI-26-154 | Zero Day Initiativeurl:https://www.zerodayinitiative.com/advisories/ZDI-26-154/

Trust: 0.8

title:Fixed in Bridge v2 Software version 1975170000url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-154 // JVNDB: JVNDB-2026-013584

EXTERNAL IDS

db:NVDid:CVE-2026-3556

Trust: 3.3

db:ZDIid:ZDI-26-154

Trust: 1.7

db:JVNDBid:JVNDB-2026-013584

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-28326

Trust: 0.7

sources: ZDI: ZDI-26-154 // JVNDB: JVNDB-2026-013584 // NVD: CVE-2026-3556

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-26-154/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-3556

Trust: 0.8

url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-154 // JVNDB: JVNDB-2026-013584 // NVD: CVE-2026-3556

CREDITS

InnoEdge Labs

Trust: 0.7

sources: ZDI: ZDI-26-154

SOURCES

db:ZDIid:ZDI-26-154
db:JVNDBid:JVNDB-2026-013584
db:NVDid:CVE-2026-3556

LAST UPDATE DATE

2026-06-19T23:29:13.489000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-26-154date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013584date:2026-04-30T03:29:00
db:NVDid:CVE-2026-3556date:2026-04-27T14:49:31.533

SOURCES RELEASE DATE

db:ZDIid:ZDI-26-154date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013584date:2026-04-30T00:00:00
db:NVDid:CVE-2026-3556date:2026-03-16T14:19:48.663