CVE-2026-2065 · HIGH 8.8 · EPSS p41.6%

Description

A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% probability of exploitation · percentile 41.6% · 2026-06-18T12:00:27Z
Published: 2026-02-06
Last modified: 2026-04-29

Underlying weaknesses · 3

CWE-287, CWE-306, CWE-862

References

  1. https://github.com/davidrxchester/smart-pixelator-upload
  2. https://github.com/davidrxchester/smart-pixelator-upload/blob/main/poc.py
  3. https://vuldb.com/?ctiid.344632
  4. https://vuldb.com/?id.344632
  5. https://vuldb.com/?submit.745129

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live
Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live
Weakness | Missing Authorization (cwe-862) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-0097
CVE-2025-69969
CVE-2026-5569
CVE-2025-11942
CVE-2025-64055
CVE-2025-11646

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.