Cyber Resilience

CVE-2026-2815

High

Published: 25 June 2026

Published
25 June 2026
Modified
25 June 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0016 5.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-2815 is a high-severity Small Seed Space in PRNG (CWE-339) vulnerability in Force (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Reduce Key Space (T1600.001); ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1600.001 Reduce Key Space Defense Impairment
Adversaries may reduce the level of effort required to decrypt data transmitted over the network by reducing the cipher strength of encrypted communications.
Why these techniques?

Predictable keys from flawed PUF-based generation directly reduce effective key space (CWE-339).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Force
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References