CVE-2026-52866
Awaiting Analysis Awaiting Analysis - Queue

BLE Connection Slot Denial of Service in Device

Vulnerability report for CVE-2026-52866, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-22

Assigner: ICS-CERT

Description

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-22
Generated
2026-07-09
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
apollo_pharmacy blood_glucose_monitoring_system apg-01_bt
apollo_pharmacy csafpid-0001 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include following guidance from CISA's "Understanding Bluetooth Technology" blog to reduce risks associated with BLE vulnerabilities.

Users are advised to contact Apollo Pharmacy directly for further information and potential patches or updates, as the manufacturer did not respond to CISA's coordination requests.

Executive Summary

CVE-2026-52866 is a vulnerability in the Blood Glucose Monitoring System (Model No. APG-01 BT) manufactured by Apollo Pharmacy. An attacker within Bluetooth Low Energy (BLE) communication range can monopolize the device's only available BLE connection slot.

This means the attacker prevents legitimate users or applications from establishing a connection to the device, effectively blocking access.

The issue is classified under CWE-862 (Missing Authorization), indicating that the device does not properly restrict who can connect via BLE.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can impact you by preventing legitimate users or applications from connecting to the Blood Glucose Monitoring System.

Since the device only has one BLE connection slot, an attacker monopolizing it can cause denial of service, potentially disrupting critical health monitoring.

This disruption could delay or prevent access to important health data, which may have serious consequences for users relying on the device.

Detection Guidance

This vulnerability involves an attacker within Bluetooth Low Energy (BLE) communication range monopolizing the device's only available BLE connection slot, preventing legitimate connections.

Detection would involve monitoring BLE connections to the affected Blood Glucose Monitoring System (Model No. APG-01 BT) for unusual or persistent connection attempts that block legitimate users.

Specific commands or tools to detect this behavior are not provided in the available information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52866. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart