Description
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.
Published: 2026-05-26
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can delete a previously established Bluetooth LE bond, impersonate the bonded device, and create a new bond that offers lower security. This flaw undermines the authentication mechanism of the Bluetooth LE connection, allowing an attacker to gain unauthorized access or tamper with data transmitted between devices. The weakness is an authentication bypass (CWE‑290).

Affected Systems

All products that ship with the Silabs Simplicity SDK are affected. No specific version information is provided, but any installation of the SDK should be considered vulnerable until a patch is applied.

Risk and Exploitability

The vulnerability has a CVSS score of 8.8, indicating a high severity. The EPSS score is not available, and the CVE is not listed in the CISA KEV catalog, so no current evidence of exploitation is recorded. The attack vector is inferred to be through the Bluetooth communication channel, meaning the threat may arise from a nearby device or a remote attacker within Bluetooth range.

Generated by OpenCVE AI on May 26, 2026 at 21:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Silabs Simplicity SDK to the latest version (9.0.0.0 or later) as noted in the release notes. The update contains a fix that prevents unauthorized bond deletion and spoofing.
  • Verify that bond deletion requests are authenticated and only originate from trusted devices or the system itself. Implement strict authentication checks before allowing a bond to be removed or re-established.
  • Configure the Bluetooth LE stack to reject any attempts to delete an existing bond and immediately terminate or log such events. Maintaining strict control over bonding operations reduces the risk of unauthorized access.

Generated by OpenCVE AI on May 26, 2026 at 21:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Bluetooth LE Bonding Downgrade via Spoofing

Tue, 26 May 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.
Weaknesses CWE-290
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-05-26T20:47:58.785Z

Reserved: 2026-05-15T13:12:50.026Z

Link: CVE-2026-8676

cve-icon Vulnrichment

Updated: 2026-05-26T20:47:55.786Z

cve-icon NVD

Status : Received

Published: 2026-05-26T21:16:44.630

Modified: 2026-05-26T21:16:44.630

Link: CVE-2026-8676

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T21:30:16Z

Weaknesses