CVE-2026-2671
Cleartext Data Exposure in Mendi BLE Handler via Local Attack
Publication date: 2026-03-07
Last updated on: 2026-03-07
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mendi_innovation_ab | mendi_neurofeedback_headset | 4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-310 | Cryptographic Issues |
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the cleartext transmission of sensitive neural activity data over Bluetooth Low Energy (BLE) without encryption, allowing passive interception by attackers within BLE radio range.
Detection can be performed by monitoring BLE traffic using common wireless analysis tools such as the Nordic nRF Sniffer or a modified smartphone configured for BLE packet capture.
Since the data is transmitted unencrypted and without pairing or authentication, passive sniffing of BLE packets on the 2.4 GHz ISM band can reveal the sensitive data streams.
- Use Nordic nRF Sniffer to capture BLE packets around the device.
- Use a BLE packet capture app on a modified smartphone to monitor BLE transmissions.
- Analyze captured BLE packets for cleartext functional near-infrared spectroscopy (fNIRS) sensor data or neural activity signals.
What immediate steps should I take to mitigate this vulnerability?
No known mitigations or countermeasures currently exist for this vulnerability as the vendor has not responded and the device lacks secure BLE pairing and application-layer encryption.
Immediate steps include limiting physical proximity to the device to reduce BLE radio range exposure and considering replacing the affected Mendi Neurofeedback Headset V4 with an alternative product that implements secure BLE communication.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-2671 is a vulnerability in the Mendi Innovation AB Mendi V4 neurofeedback headset involving the Bluetooth Low Energy (BLE) communication. The device transmits sensitive neural activity data, specifically functional near-infrared spectroscopy (fNIRS) sensor data, in cleartext without encryption or secure pairing.'}, {'type': 'paragraph', 'content': "This means that an attacker within BLE radio range can passively intercept these transmissions without needing to pair, authenticate, or actively probe the device. The intercepted data can be decoded to reconstruct the user's brain activity signals in real time, without the user's knowledge or consent."}, {'type': 'paragraph', 'content': 'The vulnerability arises from the lack of secure BLE pairing mechanisms and absence of application-layer encryption, making the sensitive neural data exposed to anyone nearby capable of monitoring the wireless communication.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by exposing sensitive neural activity data transmitted by the Mendi neurofeedback headset to unauthorized parties within wireless range.
An attacker can passively intercept and decode your brain activity signals without your consent or knowledge, potentially compromising your privacy and confidentiality of sensitive biometric information.
Since the attack leaves no forensic evidence and requires no authentication, it is difficult to detect or attribute, increasing the risk of unnoticed data leakage.
The vulnerability affects confidentiality but does not impact data integrity or availability.