Description
An attacker within BLE communication range can monopolize the device's
only available BLE connection slot, preventing legitimate users or
applications from establishing a connection.
Published: 2026-06-18
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker within Bluetooth Low Energy (BLE) communication range can monopolize the device’s sole available BLE connection slot, preventing legitimate users or applications from establishing a connection. The vulnerability is a missing authorization flaw (CWE‑862) that results in service disruption rather than privilege escalation or data disclosure.

Affected Systems

Affected product: Apollo Pharmacy Blood Glucose Monitoring System, model APG‑01 BT. No specific firmware or version information is provided in the advisory.

Risk and Exploitability

The CVSS score of 7.1 classifies the flaw as high severity, but the EPSS score is unavailable, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to be within BLE range of the device and to initiate a connection request, flooding the single connection slot and blocking legitimate traffic. Without an available patch, the risk is moderate to high for environments where the device is used in proximity to potential attackers.

Generated by OpenCVE AI on June 19, 2026 at 01:21 UTC.

Remediation

Vendor Workaround

Apollo Pharmacy did not respond to CISA's requests to coordinate. Users are encouraged to reach out to Apollo Pharmacy directly for more information: https://www.apollopharmacy.in/contact-us CISA recommends users follow the guidance in the Understanding Bluetooth Technology blog:  https://www.cisa.gov/news-events/news/understanding-bluetooth-technology

OpenCVE Recommended Actions

  • Contact Apollo Pharmacy for guidance and possible firmware updates or patches
  • Disable the device’s Bluetooth radio or turn off the device during use to prevent unauthorized connections
  • Follow CISA’s Bluetooth security best‑practice guidance, such as disabling discoverable mode, using secure pairing, and monitoring for unexpected connection attempts

Generated by OpenCVE AI on June 19, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Description An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.
Title Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-18T23:45:34.263Z

Reserved: 2026-06-10T21:21:12.261Z

Link: CVE-2026-52866

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T01:30:16Z

Weaknesses