Sign-up

ID

VAR-202603-0928


CVE

CVE-2026-3556


TITLE

(Pwn2Own) Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-26-154

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HomeKit service.

Trust: 0.7

sources: ZDI: ZDI-26-154

AFFECTED PRODUCTS

vendor:philipsmodel:hue bridgescope: - version: -

Trust: 0.7

sources: ZDI: ZDI-26-154

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2026-3556
value: HIGH

Trust: 0.7

ZDI: CVE-2026-3556
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-154

PATCH

title:Fixed in Bridge v2 Software version 1975170000url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-154

EXTERNAL IDS

db:ZDI_CANid:ZDI-CAN-28326

Trust: 0.7

db:NVDid:CVE-2026-3556

Trust: 0.7

db:ZDIid:ZDI-26-154

Trust: 0.7

sources: ZDI: ZDI-26-154

REFERENCES

url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-154

CREDITS

InnoEdge Labs

Trust: 0.7

sources: ZDI: ZDI-26-154

SOURCES

db:ZDIid:ZDI-26-154

LAST UPDATE DATE

2026-03-09T23:51:31.700000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-26-154date:2026-03-06T00:00:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-26-154date:2026-03-06T00:00:00