CVE-2026-4272 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: April 5, 2026
Honeywell Handheld Scanners - Authentication Bypass
Published: April 5, 2026Updated: April 5, 2026Remote Exploitable
Overview
Honeywell Handheld Scanners before GK000432BAA, HE000085BAA, BK000763BAA_BK000765BAA_CU000101BAA contain a missing authentication for critical function vulnerability caused by lack of authentication on system command execution, letting remote attackers within Bluetooth range execute system commands without authentication.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Remote attackers within Bluetooth range can execute system commands on the host, potentially leading to full system compromise.
Mitigation
Upgrade to the latest available version as recommended by Honeywell.
Related Resources
Details
- CVE ID
- CVE-2026-4272
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_authentication
- Status
- new
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N