ID

VAR-202603-0956


CVE

CVE-2026-3562


TITLE

(Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability

Trust: 0.7

sources: ZDI: ZDI-26-160

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system.

Trust: 0.7

sources: ZDI: ZDI-26-160

AFFECTED PRODUCTS

vendor: philips
model: hue bridge
scope: -
version: -

Trust: 0.7

sources: ZDI: ZDI-26-160

CVSS

SEVERITY

ZDI: CVE-2026-3562
value: MEDIUM

Trust: 0.7

CVSSV2

-

CVSSV3

ZDI: CVE-2026-3562
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-160

PATCH

title: Fixed in Bridge v2 Software version 1975170000
url: https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-160

EXTERNAL IDS

db: ZDI_CAN
id: ZDI-CAN-28480

Trust: 0.7

db: NVD
id: CVE-2026-3562

Trust: 0.7

db: ZDI
id: ZDI-26-160

Trust: 0.7

sources: ZDI: ZDI-26-160

REFERENCES

url: https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-160

CREDITS

Viettel Cyber Security

Trust: 0.7

sources: ZDI: ZDI-26-160

SOURCES

db: ZDI
id: ZDI-26-160

LAST UPDATE DATE

2026-03-09T23:49:39.350000+00:00


SOURCES UPDATE DATE

db: ZDI
id: ZDI-26-160
date: 2026-03-06T00:00:00

SOURCES RELEASE DATE

db: ZDI
id: ZDI-26-160
date: 2026-03-06T00:00:00