ID

VAR-202603-0936


CVE

CVE-2026-3560


TITLE

Philips Hue Bridge V2 heap-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013579

DESCRIPTION

Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28469. All information handled by the software may be leaked to the outside, all information handled by the software may be rewritten, and the software may stop working completely.

Trust: 2.25

sources: NVD: CVE-2026-3560 // JVNDB: JVNDB-2026-013579 // ZDI: ZDI-26-158

AFFECTED PRODUCTS

vendor: philips | model: hue bridge v2 | scope: lt | version: 1975170000

Trust: 1.0

vendor: Philips | model: hue bridge v2 | scope: eq | version: hue bridge v2 firmware 1975170000

Trust: 0.8

vendor: Philips | model: hue bridge v2 | scope: eq | version: -

Trust: 0.8

vendor: Philips | model: hue bridge v2 | scope: - | version: -

Trust: 0.8

vendor: philips | model: hue bridge | scope: - | version: -

Trust: 0.7

sources: ZDI: ZDI-26-158 // JVNDB: JVNDB-2026-013579 // NVD: CVE-2026-3560

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2026-3560
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013579
value: HIGH

Trust: 0.8

ZDI: CVE-2026-3560
value: HIGH

Trust: 0.7

zdi-disclosures@trendmicro.com: CVE-2026-3560
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2026-013579
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2026-3560
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-158 // JVNDB: JVNDB-2026-013579 // NVD: CVE-2026-3560

PROBLEMTYPE DATA

problemtype: CWE-122

Trust: 1.0

problemtype: Heap-based buffer overflow (CWE-122) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013579 // NVD: CVE-2026-3560

PATCH

title: ZDI-26-158 | Zero Day Initiative
url: https://www.zerodayinitiative.com/advisories/ZDI-26-158/

Trust: 0.8

title: Fixed in Bridge v2 Software version 1975170000
url: https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-158 // JVNDB: JVNDB-2026-013579

EXTERNAL IDS

db: NVD | id: CVE-2026-3560

Trust: 3.3

db: ZDI | id: ZDI-26-158

Trust: 1.7

db: JVNDB | id: JVNDB-2026-013579

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-28469

Trust: 0.7

sources: ZDI: ZDI-26-158 // JVNDB: JVNDB-2026-013579 // NVD: CVE-2026-3560

REFERENCES

url: https://www.zerodayinitiative.com/advisories/zdi-26-158/

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-3560

Trust: 0.8

url: https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-158 // JVNDB: JVNDB-2026-013579 // NVD: CVE-2026-3560

CREDITS

Xilokar (@xilokar@mamot.fr)

Trust: 0.7

sources: ZDI: ZDI-26-158

SOURCES

db: ZDI | id: ZDI-26-158
db: JVNDB | id: JVNDB-2026-013579
db: NVD | id: CVE-2026-3560

LAST UPDATE DATE

2026-06-19T23:26:12.487000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-26-158 | date: 2026-03-06T00:00:00
db: JVNDB | id: JVNDB-2026-013579 | date: 2026-04-30T03:29:00
db: NVD | id: CVE-2026-3560 | date: 2026-04-27T14:30:43.610

SOURCES RELEASE DATE

db: ZDI | id: ZDI-26-158 | date: 2026-03-06T00:00:00
db: JVNDB | id: JVNDB-2026-013579 | date: 2026-04-30T00:00:00
db: NVD | id: CVE-2026-3560 | date: 2026-03-16T14:19:52.050