CVE-2026-2815
High
Published: 25 June 2026
Published
25 June 2026
Modified
25 June 2026
KEV Added
—
Patch
—
CVSS Score v4
8.4
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score
0.0016
5.5th percentile
Summary
CVE-2026-2815 is a high-severity Small Seed Space in PRNG (CWE-339) vulnerability in Force (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Reduce Key Space (T1600.001); ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-39394
Vulnerability details
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
T1600.001 Reduce Key Space Defense Impairment
Adversaries may reduce the level of effort required to decrypt data transmitted over the network by reducing the cipher strength of encrypted communications.
Why these techniques?
Predictable keys from flawed PUF-based generation directly reduce effective key space (CWE-339).
Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
Affected Assets
Force
—
inferred from references and description; NVD did not file a CPE for this CVE
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.