CVE-2026-0842

MEDIUM

Flycatcher Toys smART Sketcher <2.0 - Missing Authentication

Title source: llm

Description

A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec WORKING POC 3 stars

by davidrxchester · poc

https://github.com/davidrxchester/smart-sketcher-upload

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/davidrxchester/smart-sketcher-upload/blob/main/smartsketch-upload.py

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.340442

[Permissions Required, VDB Entry] https://vuldb.com/?id.340442

[Permissions Required, VDB Entry] https://vuldb.com/?submit.729134

Scores

CVSS v3 6.3

EPSS 0.0001

EPSS Percentile 1.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-287 CWE-306

Status published

Products (1)

Flycatcher Toys/smART Sketcher 2.0

Published Jan 11, 2026

Tracked Since Feb 18, 2026