CVE-2026-4272
Published: 05 April 2026
Summary
CVE-2026-4272 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Honeywell Handheld Scanner base stations (product inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE is ranked at the 10.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-18 (Wireless Access).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-14 (Permitted Actions Without Identification or Authentication): directly mitigates the missing authentication for critical functions by requiring that any actions permitted without authentication be identified and documented, so that command execution requires proper authorization.
- AC-18 (Wireless Access): establishes usage restrictions and security safeguards for wireless access, including Bluetooth, to prevent unauthorized remote connections to the scanner base station.
- Device identification and authentication: requires device identification and authentication mechanisms for the scanner base station, blocking the unauthenticated Bluetooth connections that enable remote command execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authentication enables unauthenticated exploitation of the base station's Bluetooth interface (Exploitation of Remote Services, T1210) to execute system commands on the connected host (Command and Scripting Interpreter, T1059).
NVD Description
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 Base (Ingenic x1000) before GK000432BAA, from D1 Base (Ingenic x1600) before HE000085BAA, from A1/B1 Base (IMX25) before BK000763BAA_BK000765BAA_CU000101BAA. This vulnerability could allow a remote attacker within Bluetooth range of the scanner's base station to remotely execute system commands on the host connected to the base station without authentication. This issue has been assigned CVE-2026-4272 (https://nvd.nist.gov/vuln/detail/CVE-2026-4272) and rated with a severity of High. Honeywell strongly recommends that users upgrade to the latest version identified to resolve the vulnerability.
Deeper analysis
CVE-2026-4272 is a Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners, enabling Authentication Abuse. It affects specific versions of the scanner base stations: C1 Base (Ingenic x1000) prior to GK000432BAA, D1 Base (Ingenic x1600) prior to HE000085BAA, and A1/B1 Base (IMX25) prior to BK000763BAA, BK000765BAA, or CU000101BAA. The issue stems from a lack of authentication mechanisms for critical functions, as documented in the National Vulnerability Database (NVD) with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) and mapped to CWE-306.
A remote attacker within Bluetooth range of the affected scanner's base station can exploit this vulnerability without authentication. Exploitation requires user interaction and allows the attacker to remotely execute system commands on the host device connected to the base station. The result is a high-impact loss of confidentiality and integrity, potentially compromising the connected system.
Honeywell advisories, as referenced in the NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2026-4272), strongly recommend upgrading to the latest firmware versions identified for each affected base station model to mitigate the vulnerability. No additional workaround details are provided in the available references.
Details
- CWE(s)