Skip to main content

Frontier X2 CVE-2026-5768

| EUVDEUVD-2026-33368 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-05-29 icscert GHSA-frhh-w545-jjh2
8.8
CVSS 3.1 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (icscert) · only source for this CVE.

CVSS VectorVendor: icscert

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
May 29, 2026 - 19:01 EUVD
Analysis Generated
May 29, 2026 - 17:51 vuln.today
CVE Published
May 29, 2026 - 16:58 nvd
HIGH 8.8

DescriptionCVE.org

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities, triggering vibrations, causing denial-of-service conditions, and fuzzing characteristic values to induce unexpected behavior. Additionally, the Frontier X mobile application lacks proper BLE device authentication, allowing attackers to impersonate a legitimate Frontier X2 device and connect to the application. By cloning BLE advertisements and exposing expected GATT characteristics, attackers can manipulate activity states and inject fabricated health telemetry such as breathing rate, heart rate, strain, and other health-related data into the mobile application.

AnalysisAI

Unauthenticated BLE access to the Fourth Frontier X2 wearable cardiac monitor allows attackers within radio range to read and write critical GATT characteristics without pairing, enabling control of device functions and injection of fabricated health telemetry. The companion Frontier X Android and iOS applications additionally fail to authenticate paired devices, letting an attacker impersonate a legitimate X2 and feed falsified heart rate, breathing rate, and strain data into a victim's mobile app. No public exploit identified at time of analysis, and the issue is tracked under CISA ICS-MA-26-148-01.

Technical ContextAI

The Frontier X2 is a wearable continuous ECG/cardiac monitor that pairs with Android and iOS companion apps over Bluetooth Low Energy (BLE), exposing device state and telemetry through GATT (Generic Attribute Profile) characteristics. The root cause maps to CWE-306 (Missing Authentication for a Critical Function): the device's GATT server permits read/write operations on sensitive characteristics without requiring BLE bonding, pairing, or any application-layer authentication, and the mobile app similarly trusts any peripheral that broadcasts the expected advertisement payload and GATT service UUIDs. Affected CPEs are cpe:2.3:a:fourth_frontier:frontier_x2, cpe:2.3:a:fourth_frontier:frontier_x_android_application, and cpe:2.3:a:fourth_frontier:frontier_x_ios_application, all listed without version constraints in NVD.

RemediationAI

No vendor-released patch identified at time of analysis; the only vendor channel referenced is the Fourth Frontier contact page at https://fourthfrontier.com/pages/contact-us, so users and procurement teams should contact the vendor directly to obtain firmware and app updates and monitor ICSMA-26-148-01 (https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-148-01) for fix availability. As compensating controls, operate the Frontier X2 only in environments where untrusted parties are not within BLE range (roughly 10-30 meters), power the device off when not actively in use to remove the attack surface, and treat any unexpected vibration, activity start/stop, or anomalous telemetry as a potential indicator of tampering; on the mobile side, avoid initiating connections in public or crowded areas where a rogue advertiser could be present, and cross-check critical health readings against a second trusted source before acting on them clinically. These mitigations trade off convenience and continuous monitoring for integrity assurance and do not fully resolve the missing-authentication root cause.

Share

CVE-2026-5768 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy