Vulnerability Details CVE-2026-3560
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28469.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.3%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-3560
-
cpe:2.3:h:philips:hue_bridge_v2:-
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01028090
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01029624
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01030262
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01031131
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01032318
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01033370
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01033989
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01035934
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01036562
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01036659
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01038390
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:01039019
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1705121051
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1707040932
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1709131301
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1711151408
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1801260942
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1802201122
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1804201116
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1806051111
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1808300701
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1809121051
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1811120916
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1901181309
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1931069120
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1931140050
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1932073040
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1932126170
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1933087030
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1933144020
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1934058060
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1934129020
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1935074050
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1935144020
-
cpe:2.3:o:philips:hue_bridge_v2_firmware:1935144040