Apache NimBLE Data Transmission Without Encryption Vulnerability

Vulnerability

A vulnerability in Apache NimBLE versions through 1.8.0 allows for data transmission without encryption. This issue arises from improper handling of the Pause Encryption procedure in the Link Layer, leaving a previously encrypted connection unencrypted. As a result, an eavesdropper could intercept and observe the remainder of the data exchange.
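The failure mode described above can be checked in a decoded link-layer trace. The following is an added example, not code from this advisory or from Apache NimBLE: a simplified model that counts non-empty data PDUs appearing after LL_PAUSE_ENC_RSP on an encrypted link and before LL_START_ENC_RSP re-enables encryption. The record layout, function name and both traces are constructed for illustration; the opcode values are those assigned in the Bluetooth Core Specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* LL control opcodes as assigned in the Bluetooth Core Specification. */
enum { LL_TERMINATE_IND = 0x02, LL_ENC_REQ = 0x03, LL_ENC_RSP = 0x04,
       LL_START_ENC_REQ = 0x05, LL_START_ENC_RSP = 0x06, LL_PAUSE_ENC_RSP = 0x0B };

/* Hypothetical record for one decoded link-layer PDU in a test trace. */
struct ll_event { uint8_t is_ctrl; uint8_t opcode; uint8_t len; };
#define CTRL(op) { 1, (op), 1 }
#define DATA(n)  { 0, 0, (n) }
enum enc_state { ENC_NEVER, ENC_ON, ENC_PAUSED };

/* Count non-empty data PDUs seen after LL_PAUSE_ENC_RSP on an encrypted link
 * and before LL_START_ENC_RSP turns encryption back on. */
int count_plaintext_after_pause(const struct ll_event *ev, size_t n)
{
    enum enc_state st = ENC_NEVER;
    int findings = 0;
    for (size_t i = 0; i < n; i++) {
        if (!ev[i].is_ctrl) {
            if (st == ENC_PAUSED && ev[i].len > 0) findings++;
        } else if (ev[i].opcode == LL_START_ENC_RSP) {
            st = ENC_ON;
        } else if (ev[i].opcode == LL_PAUSE_ENC_RSP && st == ENC_ON) {
            st = ENC_PAUSED;
        } else if (ev[i].opcode == LL_TERMINATE_IND) {
            break;  /* link is gone; nothing after this is on the connection */
        }
    }
    return findings;
}

/* Constructed traces: a correct key refresh, and a link left paused. */
static const struct ll_event GOOD_TRACE[] = {
    CTRL(LL_START_ENC_RSP), DATA(20), CTRL(LL_PAUSE_ENC_RSP), DATA(0),
    CTRL(LL_ENC_REQ), CTRL(LL_ENC_RSP), CTRL(LL_START_ENC_REQ),
    CTRL(LL_START_ENC_RSP), DATA(20) };
static const struct ll_event BAD_TRACE[] = {
    CTRL(LL_START_ENC_RSP), DATA(20), CTRL(LL_PAUSE_ENC_RSP), DATA(0),
    DATA(20), DATA(7), CTRL(LL_TERMINATE_IND), DATA(5) };
#define TRACE_LEN(a) (sizeof(a) / sizeof((a)[0]))
int main(void)
{
    printf("good=%d bad=%d\n", count_plaintext_after_pause(GOOD_TRACE, TRACE_LEN(GOOD_TRACE)),
           count_plaintext_after_pause(BAD_TRACE, TRACE_LEN(BAD_TRACE)));
    return 0;
}
```

Empty PDUs are ignored because they carry no payload; any non-zero count means application data crossed the link in the clear after encryption had been established.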

Impact

Exploitation of this vulnerability could lead to unauthorized interception of unencrypted data being transmitted over a previously secured connection.

Remediation

Users are advised to upgrade to Apache NimBLE version 1.9.0, which addresses this vulnerability.

Added: Jan 10, 2026, 10:19 AM
Updated: Jan 10, 2026, 10:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.6
remediation: 7.7
relevance: 2.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.