Skip to main content

Silicon Labs Simplicity SDK CVE-2026-8676

| EUVD-2026-31969 HIGH
Authentication Bypass by Spoofing (CWE-290)
2026-05-26 Silabs GHSA-h7g2-qqw7-mf7r
Authentication Bypass
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 26, 2026 - 22:02 EUVD
Analysis Generated
May 26, 2026 - 21:02 vuln.today

DescriptionNVD

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

AnalysisAI

Bluetooth LE bond downgrade in Silicon Labs Simplicity SDK allows an adjacent attacker to weaken connection security by deleting an existing bond, impersonating the previously bonded peer, and forcing a new pairing under attacker-controlled parameters. The flaw enables compromise of confidentiality, integrity, and availability of BLE communications on devices built with the affected SDK, and no public exploit has been identified at time of analysis.

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all products and firmware versions using Silicon Labs Simplicity SDK with Bluetooth LE capabilities in your environment. Within 7 days: Complete inventory of affected deployed devices, assess network exposure and criticality, and prioritize systems handling sensitive data or controlling physical processes. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-8676 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy