Medium severity4.8NVD Advisory· Published Oct 25, 2021· Updated Jun 17, 2026
CVE-2021-40526
CVE-2021-40526
Description
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike
Affected products
2- Peleton/TTR01description
Patches
Vulnerability mechanics
References
1- twitter.com/ROPsicle/status/1438216078103044107nvdThird Party Advisory
News mentions
0No linked articles in our index yet.