CVE-2026-50034

Summary

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values.

Affected Software

VendorProductVersion RangeStatus
Apollo PharmacyBlood Glucose Monitoring System (Model No. APG-01 BT)0x0110_v1.1.0affected

Weaknesses

  • CWE-319: CWE-319

Workarounds

Apollo Pharmacy did not respond to CISA's requests to coordinate. Users are encouraged to reach out to Apollo Pharmacy directly for more information: https://www.apollopharmacy.in/contact-us

CISA recommends users follow the guidance in the Understanding Bluetooth Technology blog:  https://www.cisa.gov/news-events/news/understanding-bluetooth-technology

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References