LeakyCreds

CVE-2026-3559 - Vulnerability Analysis

High, CVSS: 8.1

Last Updated: March 16, 2026

Philips Hue Bridge - Authentication Bypass

Published: March 16, 2026
Updated: March 16, 2026

Overview

Philips Hue Bridge contains an authentication bypass caused by static nonce usage in the HomeKit Accessory Protocol SRP authentication mechanism on TCP port 8080, letting network-adjacent attackers bypass authentication without credentials.

Severity & Score

Severity: High
CVSS Score: 8.1

Impact

Network-adjacent attackers can bypass authentication, potentially gaining unauthorized access to the device.

Mitigation

Update to the latest version that addresses the static nonce issue in the HomeKit Accessory Protocol.

Details

CVE ID: CVE-2026-3559
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed

CWE

  • CWE-323

CVSS Metrics

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N