Cyber Resilience

CVE-2026-8676

High

Published: 26 May 2026

Published
26 May 2026
Modified
27 May 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 10.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-8676 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 10.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

BLE bond spoofing directly enables adversary-in-the-middle position via device impersonation (closest match to T1557 and Evil Twin concept).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-4728Shared CWE-290
CVE-2026-28954Shared CWE-290
CVE-2026-8960Shared CWE-290
CVE-2021-47923Shared CWE-290
CVE-2026-22734Shared CWE-290
CVE-2018-25316Shared CWE-290
CVE-2026-0834Shared CWE-290
CVE-2025-13455Shared CWE-290
CVE-2025-69401Shared CWE-290
CVE-2025-27671Shared CWE-290

Affected Assets

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-290

Reveals spoofed logon attempts through unexpected previous logon timestamps upon legitimate login.

addresses: CWE-290

Training specifically addresses recognizing spoofed communications and phishing that enable authentication bypass.

addresses: CWE-290

Requiring verifiable identity evidence at appropriate assurance levels makes it substantially harder for attackers to successfully spoof or impersonate users to obtain accounts.

addresses: CWE-290

Unique device authentication makes successful spoofing of device identity substantially more difficult to achieve.

addresses: CWE-290

Unique identification of non-organizational users reduces the feasibility of authentication bypass by spoofing.

addresses: CWE-290

Unique identification and authentication of services before communications makes spoofing of service identities substantially harder.

addresses: CWE-290

Isolated trusted path ensures the user interacts only with genuine system components, preventing spoofing of authentication interfaces or prompts.

addresses: CWE-290

Directly counters DNS response spoofing by requiring cryptographic origin authentication artifacts from the authoritative source.

References