CVE-2026-1354 — MEDIUM (6.4)

Vulnerability Description

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first be in Bluetooth pairing mode, and the attacker must be in proximity of the vehicle and understand the full pairing process, to be able to pair their device with the vehicle. The attacker's device must remain paired with and in proximity of the motorcycle for the entire duration of the firmware update.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-322

References

FAQ

What is CVE-2026-1354?

CVE-2026-1354 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating fu...

How severe is CVE-2026-1354?

CVE-2026-1354 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-1354?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.