ZDI-26-157 HIGH 8.1 Published Mar 06, 2026

Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability

Philips

A high-severity authentication bypass vulnerability (CVE-2026-3559) has been discovered in the Philips Hue Bridge. It allows network-adjacent attackers to gain unauthorized access without any credentials. Attackers can exploit this flaw to potentially control smart lighting systems and access sensitive configuration data on affected devices. Security teams should apply patches immediately when they become available and consider implementing network segmentation to restrict access to Hue Bridge devices from untrusted network segments.
