LeakyCreds

CVE-2026-3559 - Vulnerability Analysis

Severity: High, CVSS: 8.1

Last Updated: March 16, 2026

Philips Hue Bridge - Authentication Bypass

Published: March 16, 2026
Updated: March 16, 2026

Overview

Philips Hue Bridge contains an authentication bypass caused by static nonce usage in the HomeKit Accessory Protocol's SRP authentication mechanism on TCP port 8080, letting network-adjacent attackers bypass authentication without credentials.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 2.5% (probability of exploitation in the next 30 days)

Impact

Network-adjacent attackers can bypass authentication, potentially gaining unauthorized access to the device.

Mitigation

Update to the latest version that addresses the static nonce issue in the HomeKit Accessory Protocol.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 16, 2026

🟠 CVE-2026-3559 - High (8.1) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not re... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3559/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-3559
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed
EPSS: 2.5%
Social Posts: 1

CWE

  • CWE-323

CVSS Metrics

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.5% (probability of exploitation in the next 30 days)