CVE-2026-3562
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.
| CWE | CWE-347 |
| Vendor | philips |
| Product | hue bridge |
| Published | Mar 13, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for philips hue bridge
Be the first to know when new medium vulnerabilities affecting philips hue bridge are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Versions
Philips / Hue Bridge
1.73.1973146020