High severity · 8.8 · NVD Advisory · Published Mar 16, 2026 · Updated Apr 27, 2026
CVE-2026-3562
Description
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.
Affected products (2)
- cpe:2.3:o:philips:hue_bridge_v2_firmware:*:*:*:*:*:*:*:* (Range: <1975170000)
References (1)
- www.zerodayinitiative.com/advisories/ZDI-26-160/ · nvd · Third Party Advisory
News mentions (1)
- ZDI-26-160: (Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability · Zero Day Initiative · Mar 6, 2026