ZDI-26-154
HIGH 8.8
Published: Mar 06, 2026
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips
An unauthenticated remote code execution vulnerability (CVE-2026-3556), a heap-based buffer overflow in HomeKit Pair-Setup, affects the Philips Hue Bridge smart home hub and is rated High (CVSS 8.8). An attacker on the same network can execute arbitrary code on a vulnerable device without any credentials, potentially gaining full control of the bridge and the smart home devices connected to it. Security teams should immediately update Philips Hue Bridge installations to patched versions and consider network segmentation that restricts bridge access to trusted devices only.