Skip to main content

Apollo APG-01 BT CVE-2026-52866

| EUVDEUVD-2026-37970 HIGH
Missing Authorization (CWE-862)
2026-06-18 icscert GHSA-47r7-422p-6w2p
7.1
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
7.1 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Adjacent BLE radio range gives AV:A; no auth, complexity, or user interaction needed; only availability of the single BLE slot is impacted, so C:N/I:N/A:H.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 19, 2026 - 00:31 vuln.today
Severity Changed
Jun 19, 2026 - 00:22 NVD
MEDIUM HIGH
CVSS changed
Jun 19, 2026 - 00:22 NVD
6.5 (MEDIUM) 7.1 (HIGH)

DescriptionCVE.org

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.

AnalysisAI

Denial-of-service in the Apollo Pharmacy Blood Glucose Monitoring System (model APG-01 BT) allows an attacker within Bluetooth Low Energy radio range to seize the device's single BLE connection slot, blocking the legitimate patient app or clinician from pairing and reading glucose measurements. The flaw is rooted in missing authorization (CWE-862) on connection acceptance and was disclosed through CISA's ICS Medical advisory ICSMA-26-169-01. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Position within BLE range of meter
Delivery
Scan for APG-01 BT advertisement
Exploit
Initiate unauthenticated GATT connection
Execution
Hold the single connection slot open
Persist
Legitimate patient app denied pairing
Impact
Glucose reading delayed or lost

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker's BLE radio to be within adjacent-network range of a powered-on APG-01 BT meter that is advertising or otherwise accepting an incoming central connection; no pairing key, prior authentication, user interaction, or non-default configuration is needed, which is consistent with AV:A/AC:L/AT:N/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N) accurately reflects an adjacent-network, unauthenticated, low-complexity attack with availability-only impact (VA:H, VC:N, VI:N), yielding 7.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker in a clinic waiting room, pharmacy, or shared household (within roughly 10 metres) uses a standard smartphone or a Linux laptop with BlueZ to scan for the APG-01 BT advertisement and initiates a GATT connection to it, then simply holds the link open. While the slot is occupied the patient's official app cannot connect, so the glucose reading cannot be transferred - repeated denial during a hypo/hyperglycaemic episode could delay treatment. …
Remediation No vendor-released patch identified at time of analysis from the provided references; the ICSMA-26-169-01 advisory (https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01) should be consulted for any firmware update or mitigation guidance issued after publication, and end users should reach Apollo Pharmacy support (https://www.apollopharmacy.in/contact-us) for device-specific updates. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all APG-01 BT units deployed in clinical environments and notify clinical leadership and patient safety teams of the vulnerability. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52866 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy