ZDI-26-155 HIGH 8.0 Published Mar 06, 2026

Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips

A high-severity vulnerability (CVE-2026-3557, CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the device's authentication mechanism, giving them complete control over affected Hue Bridge installations. Security teams should prioritize patching Philips Hue Bridge systems immediately and consider implementing network segmentation to restrict access to these devices until updates are available.
