Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability
An unauthenticated remote code execution vulnerability (CVE-2026-3560) has been discovered in the Philips Hue Bridge smart home device. It is rated HIGH severity, with a CVSS score of 8.8. Network-adjacent attackers can exploit the flaw without any credentials to execute arbitrary code on vulnerable systems, potentially gaining full control of the device. Security teams should prioritize patching affected Philips Hue Bridge installations immediately and consider isolating these devices on network segments with restricted access until updates are available.