Description
An attacker within BLE communication range can monopolize the device's
only available BLE connection slot, preventing legitimate users or
applications from establishing a connection.
Published: 2026-06-18
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker within Bluetooth Low Energy (BLE) communication range can monopolize the device’s sole available BLE connection slot, preventing legitimate users or applications from establishing a connection. The vulnerability is a missing authorization flaw (CWE‑862) that results in service disruption rather than privilege escalation or data disclosure.

Affected Systems

Affected product: Apollo Pharmacy Blood Glucose Monitoring System, model APG‑01 BT. No specific firmware or version information is provided in the advisory.

Risk and Exploitability

The CVSS score of 7.1 classifies the flaw as high severity, but the EPSS score is unavailable, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to be within BLE range of the device and to initiate a connection request, flooding the single connection slot and blocking legitimate traffic. Without an available patch, the risk is moderate to high for environments where the device is used in proximity to potential attackers.

Generated by OpenCVE AI on June 19, 2026 at 01:21 UTC.

Remediation

Vendor Workaround

Apollo Pharmacy did not respond to CISA's requests to coordinate. Users are encouraged to reach out to Apollo Pharmacy directly for more information: https://www.apollopharmacy.in/contact-us CISA recommends users follow the guidance in the Understanding Bluetooth Technology blog:  https://www.cisa.gov/news-events/news/understanding-bluetooth-technology


OpenCVE Recommended Actions

  • Contact Apollo Pharmacy for guidance and possible firmware updates or patches
  • Disable the device’s Bluetooth radio or turn off the device during use to prevent unauthorized connections
  • Follow CISA’s Bluetooth security best‑practice guidance, such as disabling discoverable mode, using secure pairing, and monitoring for unexpected connection attempts

Generated by OpenCVE AI on June 19, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apollo Pharmacy
Apollo Pharmacy blood Glucose Monitoring System (model No. Apg-01 Bt)
Vendors & Products Apollo Pharmacy
Apollo Pharmacy blood Glucose Monitoring System (model No. Apg-01 Bt)

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Description An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.
Title Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Apollo Pharmacy Blood Glucose Monitoring System (model No. Apg-01 Bt)
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-22T14:52:06.602Z

Reserved: 2026-06-10T21:21:12.261Z

Link: CVE-2026-52866

cve-icon Vulnrichment

Updated: 2026-06-22T14:51:59.764Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:36:35Z

Weaknesses