{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3562", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-03-04T19:42:57.379Z", "datePublished": "2026-03-13T20:37:09.162Z", "dateUpdated": "2026-03-16T20:21:33.688Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:37:09.162Z"}, "title": "Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability", "descriptions": [{"lang": "en", "value": "Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480."}], "affected": [{"vendor": "Philips", "product": "Hue Bridge", "versions": [{"version": "1.73.1973146020", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-160/", "name": "ZDI-26-160", "tags": ["x_research-advisory"]}], "dateAssigned": "2026-03-04T19:42:57.414Z", "datePublic": "2026-03-06T21:19:44.813Z", "source": {"lang": "en", "value": "Viettel Cyber Security"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T20:21:23.637688Z", "id": "CVE-2026-3562", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:21:33.688Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3562", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T20:21:23.637688Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:21:29.149Z"}}], "cna": {"title": "Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability", "source": {"lang": "en", "value": "Viettel Cyber Security"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "Philips", "product": "Hue Bridge", "versions": [{"status": "affected", "version": "1.73.1973146020"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-06T21:19:44.813Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-160/", "name": "ZDI-26-160", "tags": ["x_research-advisory"]}], "dateAssigned": "2026-03-04T19:42:57.414Z", "descriptions": [{"lang": "en", "value": "Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:37:09.162Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3562", "state": "PUBLISHED", "dateUpdated": "2026-03-16T20:21:33.688Z", "dateReserved": "2026-03-04T19:42:57.379Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2026-03-13T20:37:09.162Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:philips:hue_bridge_v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4C925A5-D9FB-482D-A98D-F879B1BD21EC", "versionEndExcluding": "1975170000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:philips:hue_bridge_v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "55B37D18-3A59-423E-9D73-F80DFDB14C4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480."}, {"lang": "es", "value": "Vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n por Verificaci\u00f3n de Firma Ed25519 de hk_hap en Philips Hue Bridge. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Philips Hue Bridge. La autenticaci\u00f3n no es requerida para explotar esta vulnerabilidad.\n\nLa falla espec\u00edfica existe dentro de la funci\u00f3n ed25519_sign_open. El problema resulta de una verificaci\u00f3n incorrecta de una firma criptogr\u00e1fica. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticaci\u00f3n en el sistema. Fue ZDI-CAN-28480."}], "id": "CVE-2026-3562", "lastModified": "2026-04-27T14:28:53.410", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T14:19:52.337", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-160/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.73.1973146020"}}], "enrichment": {"confidence": 97.0, "confidence_source": "matching", "scores": [{"score": 97.0, "source": "matching"}]}, "original": {"product": "Hue Bridge", "source": "cna", "vendor": "Philips"}, "product": "hue_bridge", "vendor": "phillips"}], "analysis": {"en": {"generated_at": "2026-04-28T09:21:05.809216+00:00", "value": {"mitigation_remediation": ["Check Philips Hue support or product website for a firmware update or official patch to address the flaw.", "Apply the vendor\u2011released patch or firmware update as soon as it becomes available.", "If a patch is not yet available, isolate the Hue Bridge from untrusted local network segments using VLAN or firewall rules to reduce the attack surface.", "Limit or disable any remote management services on the bridge that are not required for operation.", "Monitor local network traffic for anomalous attempts to interact with the Hue Bridge and investigate any suspicious activity.", "Report any exploitation indicators to Philips security support and follow any advisories issued by the vendor."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected vendor: Philips; affected product: Hue Bridge. Specific version information is not provided in the available data, so any installation of the Hue Bridge that incorporates the flawed ed25519_sign_open implementation is potentially impacted. The vulnerability is listed as being exploitable by network-adjacent attackers.", "description_and_impact": "The vulnerability in Philips Hue Bridge involves improper verification of an Ed25519 cryptographic signature within the ed25519_sign_open function, enabling attackers to bypass authentication and execute arbitrary code on the device. This flaw falls under the Common Weakness Enumeration ID CWE-347. The impact is the potential for an adversary to compromise the bridge\u2019s confidentiality, integrity, and availability, effectively controlling the device without needing valid credentials.", "risk_and_exploitability": "The CVSS score is 8.8, indicating high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the near term. The vulnerability is not currently listed in the CISA KEV catalog, which further indicates it has not yet been widely observed in the wild. Attackers with lateral network access can exploit the flaw without authentication; however, the specific conditions required for successful code execution are not detailed in the data and thus remain inferred from the description. Overall, the risk is non\u2011negligible, and mitigation should be pursued promptly once a vendor patch or workaround becomes available."}}}}, "created": "2026-03-16T09:23:41.629947+00:00", "updated": "2026-04-28T09:30:26.199001+00:00", "vendors": ["phillips", "phillips$PRODUCT$hue_bridge"]}