CVE-2026-2065 — MEDIUM (6.3)

Vulnerability Description

A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Flycatcher	Smart Pixelator Firmware	-
Flycatcher	Smart Pixelator	2.0

Related Weaknesses (CWE)

CWE-306 CWE-287 CWE-862

References

https://github.com/davidrxchester/smart-pixelator-uploadNot Applicable
https://github.com/davidrxchester/smart-pixelator-upload/blob/main/poc.pyProduct
https://vuldb.com/?ctiid.344632Permissions RequiredVDB Entry
https://vuldb.com/?id.344632Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.745129Third Party AdvisoryVDB Entry

FAQ

What is CVE-2026-2065?

CVE-2026-2065 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulat...

How severe is CVE-2026-2065?

CVE-2026-2065 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-2065?

Check the references section above for vendor advisories and patch information. Affected products include: Flycatcher Smart Pixelator Firmware, Flycatcher Smart Pixelator.