CVE-2026-4272
Received Received - Intake
Missing Authentication in Honeywell Scanners Enables Remote Command Execution

Publication date: 2026-04-05

Last updated on: 2026-04-05

Assigner: Honeywell International Inc.

Description
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432BAA, from D1 Base(Ingenic x1600) before HE000085BAA, from A1/B1 Base(IMX25) before BK000763BAA_BK000765BAA_CU000101BAA. This vulnerability could allow a remote attacker within Bluetooth range of the scanner's base station has the capability to remotely execute system commands on the host connected to the base station without authentication. This issue has been assignedΒ  CVE-2026-4272 https://nvd.nist.gov/vuln/detail/CVE-2026-4272 and rated with a severity of High. Honeywell strongly recommends that users upgrade to the latest version identified to resolve the vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-05
Last Modified
2026-04-05
Generated
2026-06-16
AI Q&A
2026-04-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4272
EUVD
EUVD-2026-19128
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
honeywell handheld_scanners From C1_Base(Ingenic_x1000) (inc) to GK000432BAA (exc)
honeywell handheld_scanners From D1_Base(Ingenic_x1600) (inc) to HE000085BAA (exc)
honeywell handheld_scanners From A1/B1_Base(IMX25) (inc) to BK000763BAA_BK000765BAA_CU000101BAA (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows a remote attacker within Bluetooth range to execute system commands on the host connected to the scanner's base station without authentication. This unauthorized access and control could lead to exposure or manipulation of sensitive data, potentially impacting compliance with data protection regulations such as GDPR and HIPAA, which require strict access controls and protection of personal and health information.

However, the provided information does not explicitly mention the impact on compliance with specific standards or regulations.

Executive Summary

CVE-2026-4272 is a Missing Authentication for Critical Function vulnerability found in Honeywell Handheld Scanners. It affects specific models of handheld scanners before certain firmware versions. The vulnerability allows a remote attacker within Bluetooth range of the scanner's base station to execute system commands on the host connected to the base station without needing to authenticate.

Impact Analysis

This vulnerability can have a significant impact because it allows an attacker to remotely execute system commands on the host connected to the scanner's base station without authentication. This could lead to unauthorized control over the system, potentially compromising sensitive data or disrupting operations.

Mitigation Strategies

To mitigate this vulnerability, Honeywell strongly recommends upgrading the affected Handheld Scanners to the latest version that resolves the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4272. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart