Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28374.
AnalysisAI
The Philips Hue Bridge HomeKit Accessory Protocol (HAP) service on TCP port 8080 lacks authentication in transient pairing mode, allowing network-adjacent attackers to bypass authentication and gain unauthorized access without requiring credentials (CVE-2026-3558, CVSS 8.1). This vulnerability affects all versions of Philips Hue Bridge and has been tracked as ZDI-CAN-28374. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Philips Hue Bridge with HomeKit Accessory Protocol service listening on TCP port 8080 (default configuration). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 8.1 score reflects high severity with network-adjacent access (AV:A), low attack complexity (AC:L), no privilege requirements (PR:N), and no user interaction needed (UI:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with access to the same local network as the Philips Hue Bridge (e.g., on the victim's home Wi-Fi, guest network, or corporate office network) sends unauthenticated HAP commands directly to TCP port 8080. Due to the lack of authentication checks in transient pairing mode, the bridge accepts requests to enumerate paired devices, read sensor data (motion, temperature, brightness), and execute control commands (turn lights on/off, change colors, trigger automation scenes). … |
| Remediation | 1. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Philips Hue Bridge devices in your environment and document their network locations; assess whether they control critical facility lighting. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Hue Bridge
View allHeap-based buffer overflow vulnerability in Philips Hue Bridge's HomeKit implementation that allows unauthenticated netw
Critical heap-based buffer overflow vulnerability in Philips Hue Bridge's HomeKit implementation that allows network-adj
CVE-2026-3559 is an authentication bypass vulnerability in Philips Hue Bridge devices affecting the HomeKit Accessory Pr
Heap-based buffer overflow vulnerability in Philips Hue Bridge devices that allows network-adjacent attackers with authe
Heap-based buffer overflow vulnerability in Philips Hue Bridge devices that allows network-adjacent attackers to execute
Heap-based buffer overflow vulnerability in the Philips Hue Bridge's Zigbee stack that allows network-adjacent attackers
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12159