CVE-2026-52866
Received - Intake
BLE Connection Slot Denial of Service in Device

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: ICS-CERT

Description
An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.
Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor           Product                          Version / Range
apollo_pharmacy  blood_glucose_monitoring_system  apg-01_bt
apollo_pharmacy  csafpid-0001                     *
CWE ID   Description
CWE-862  The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

Immediate mitigation steps include following guidance from CISA's "Understanding Bluetooth Technology" blog to reduce risks associated with BLE vulnerabilities.

Users are advised to contact Apollo Pharmacy directly for further information and potential patches or updates, as the manufacturer did not respond to CISA's coordination requests.

Executive Summary

CVE-2026-52866 is a vulnerability in the Blood Glucose Monitoring System (Model No. APG-01 BT) manufactured by Apollo Pharmacy. An attacker within Bluetooth Low Energy (BLE) communication range can monopolize the device's only available BLE connection slot.

This means the attacker prevents legitimate users or applications from establishing a connection to the device, effectively blocking access.

The issue is classified under CWE-862 (Missing Authorization), indicating that the device does not properly restrict who can connect via BLE.

Impact Analysis

This vulnerability prevents legitimate users or applications from connecting to the Blood Glucose Monitoring System.

Since the device only has one BLE connection slot, an attacker monopolizing it can cause denial of service, potentially disrupting critical health monitoring.

This disruption could delay or prevent access to important health data, which may have serious consequences for users relying on the device.

Detection Guidance

This vulnerability involves an attacker within Bluetooth Low Energy (BLE) communication range monopolizing the device's only available BLE connection slot, preventing legitimate connections.

Detection would involve monitoring BLE connections to the affected Blood Glucose Monitoring System (Model No. APG-01 BT) for unusual or persistent connection attempts that block legitimate users.

Specific commands or tools to detect this behavior are not provided in the available information.
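
One way to express the monitoring described above is sketched here as an added example; it is not from the advisory, the vendor, or any named tool. It assumes a BLE sniffer or gateway near the meter writes connection events in a hypothetical "<ISO time> <EVENT> <central address>" format; the event names, addresses, allowlist and 300-second threshold are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample log (hypothetical format): "<ISO time> <EVENT> <central address>"
SAMPLE_LOG = """\
2026-06-19T08:00:00 CONNECT AA:AA:AA:00:00:01
2026-06-19T08:01:30 DISCONNECT AA:AA:AA:00:00:01
2026-06-19T09:00:00 CONNECT EE:EE:EE:00:00:99
2026-06-19T09:05:00 CONNECT_FAILED AA:AA:AA:00:00:01
2026-06-19T09:20:00 CONNECT_FAILED AA:AA:AA:00:00:01
2026-06-19T09:45:00 DISCONNECT EE:EE:EE:00:00:99
2026-06-19T10:00:00 CONNECT AA:AA:AA:00:00:01
2026-06-19T10:02:00 DISCONNECT AA:AA:AA:00:00:01
""".splitlines()

# Assumed address of the user's own paired phone (constructed value).
KNOWN_CENTRALS = {"AA:AA:AA:00:00:01"}


def find_slot_hogs(lines, known=KNOWN_CENTRALS, max_hold_s=300):
    """Return sessions where an unknown central held the single slot too long
    or held it while a known central's connection attempts were failing."""
    findings, holder, start, blocked, last = [], None, None, 0, None

    def close(end):
        held = (end - start).total_seconds()
        if holder not in known and (held >= max_hold_s or blocked):
            findings.append({"peer": holder, "held_s": int(held), "blocked": blocked})

    for line in lines:
        if not line.strip():
            continue
        ts, event, peer = line.split()
        last = datetime.fromisoformat(ts)
        if event == "CONNECT":
            if holder is not None:  # disconnect was missed; close the old session
                close(last)
            holder, start, blocked = peer, last, 0
        elif event == "DISCONNECT" and peer == holder:
            close(last)
            holder = None
        elif event == "CONNECT_FAILED" and holder and peer in known and peer != holder:
            blocked += 1  # a known central was locked out during this session
    if holder is not None:  # slot still held when the log ends
        close(last)
    return findings
```

BLE centrals often use rotating private addresses, so an address allowlist like this one only works where the legitimate phone's address is stable or can be resolved.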
