CVE-2026-8676 | THREATINT

Description

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

PUBLISHED Reserved 2026-05-15 | Published 2026-05-26 | Updated 2026-05-26 | Assigner Silabs

HIGH: 8.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-290 Authentication bypass by spoofing

Product status

Default status

unaffected

Any version before 2024.12.0

affected

References

community.silabs.com/068Vm00000p3N9C vendor-advisory

www.silabs.com/...otes/bt-software-release-notes-9.0.0.0.pdf release-notes

cve.org (CVE-2026-8676)

nvd.nist.gov (CVE-2026-8676)

Download JSON