Details of VAR-202603-0928

ID

VAR-202603-0928

CVE

CVE-2026-3556

TITLE

(Pwn2Own) Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-26-154

DESCRIPTION

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HomeKit service. Was ZDI-CAN-28326

Trust: 1.53

sources: NVD: CVE-2026-3556 // ZDI: ZDI-26-154

AFFECTED PRODUCTS

vendor:

philips

model:

hue bridge

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-26-154

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2026-3556
value:	HIGH
Trust: 1.0
ZDI:	CVE-2026-3556
value:	HIGH
Trust: 0.7

zdi-disclosures@trendmicro.com:	CVE-2026-3556
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
ZDI:	CVE-2026-3556
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-26-154 // NVD: CVE-2026-3556

PROBLEMTYPE DATA

problemtype:

CWE-122

Trust: 1.0

sources: NVD: CVE-2026-3556

PATCH

title:

Fixed in Bridge v2 Software version 1975170000

url:

https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-154

EXTERNAL IDS

db:	NVD	id:	CVE-2026-3556	Trust: 1.7
db:	ZDI	id:	ZDI-26-154	Trust: 1.7
db:	ZDI_CAN	id:	ZDI-CAN-28326	Trust: 0.7

sources: ZDI: ZDI-26-154 // NVD: CVE-2026-3556

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-26-154/	Trust: 1.0
url:	https://www.philips-hue.com/en-ca/support/release-notes/bridge	Trust: 0.7

sources: ZDI: ZDI-26-154 // NVD: CVE-2026-3556

CREDITS

InnoEdge Labs

Trust: 0.7

sources: ZDI: ZDI-26-154

SOURCES

db:	ZDI	id:	ZDI-26-154
db:	NVD	id:	CVE-2026-3556

LAST UPDATE DATE

2026-03-16T23:51:32.472000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-26-154	date:	2026-03-06T00:00:00
db:	NVD	id:	CVE-2026-3556	date:	2026-03-16T14:53:07.390

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-26-154	date:	2026-03-06T00:00:00
db:	NVD	id:	CVE-2026-3556	date:	2026-03-16T14:19:48.663