Skip to main content

Silicon Labs Simplicity SDK EUVDEUVD-2026-31969

| CVE-2026-8676 HIGH
Authentication Bypass by Spoofing (CWE-290)
2026-05-26 Silabs GHSA-h7g2-qqw7-mf7r
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 26, 2026 - 22:02 EUVD
Analysis Generated
May 26, 2026 - 21:02 vuln.today

DescriptionCVE.org

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

AnalysisAI

Bluetooth LE bond downgrade in Silicon Labs Simplicity SDK allows an adjacent attacker to weaken connection security by deleting an existing bond, impersonating the previously bonded peer, and forcing a new pairing under attacker-controlled parameters. The flaw enables compromise of confidentiality, integrity, and availability of BLE communications on devices built with the affected SDK, and no public exploit has been identified at time of analysis.

Technical ContextAI

The vulnerability resides in the Bluetooth LE bonding/pairing implementation shipped with Silicon Labs' Simplicity SDK (cpe:2.3:a:silabs.com:simplicity_sdk), the development platform used to build firmware for Silicon Labs wireless SoCs and modules. Bonding in BLE stores long-term keys (LTKs) that enable encrypted reconnection without re-pairing; the affected stack does not adequately validate the authenticity of a peer requesting deletion or re-establishment of a bond, mapping to CWE-290 (Authentication Bypass by Spoofing). By removing the prior bond record, an attacker can present itself as the legitimate device on the next connection and complete pairing afresh, potentially under Just Works or otherwise downgraded security parameters, defeating the protections originally negotiated.

RemediationAI

Upstream fix available per vendor advisory; the Silicon Labs Bluetooth software 9.0.0.0 release notes should be consulted to confirm the patched stack version and to update Simplicity SDK and rebuild affected firmware accordingly (https://community.silabs.com/068Vm00000p3N9C and https://www.silabs.com/documents/public/release-notes/bt-software-release-notes-9.0.0.0.pdf). Until firmware on deployed devices can be updated, operators should require the highest available BLE pairing mode (LE Secure Connections with MITM protection / numeric comparison or passkey entry) in application logic and reject Just Works re-pairings, monitor for unexpected bond loss or re-pairing events on managed fleets, and where feasible operate sensitive devices in physically controlled environments to reduce the radio-range exposure that this attack requires. These mitigations may increase user friction during legitimate re-pairing and will not protect implementations that rely solely on default stack behavior, so firmware update remains the durable remediation.

Share

EUVD-2026-31969 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy