Apache NimBLE Authentication Bypass Vulnerability Allowing Impersonation
Vulnerability
An authentication bypass vulnerability has been identified in Apache NimBLE versions through 1.8.0. An attacker who spoofs a security request can cause the original bond to be removed and a new bond to be established with an impostor. As a result, the attacker could impersonate a legitimate device.
Impact
Exploitation of this vulnerability could allow an attacker to impersonate a legitimate device by spoofing security requests, potentially leading to unauthorized access or actions within the application or system.
Remediation
Users are advised to upgrade to Apache NimBLE version 1.9.0, which addresses this vulnerability.
