CVE-2026-2756

MEDIUM 5.0

OmniPEMF NeoRhythm BLE missing authentication

CVSS Score

5.0

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-306 CWE-287
Vendor	omnipemf
Product	neorhythm
Published	Mar 21, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for omnipemf neorhythm

Be the first to know when new medium vulnerabilities affecting omnipemf neorhythm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

OmniPEMF / NeoRhythm

20260308

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.352383 vuldb.com: https://vuldb.com/?ctiid.352383 vuldb.com: https://vuldb.com/?submit.774937 ab3j.radio: https://ab3j.radio/NeoRhythm.pdf

Credits

🔍 drewbug (VulDB User) VulDB