CVE-2026-0842

MEDIUM

Flycatcher Toys smART Sketcher <2.0 - Missing Authentication

Title source: llm

Description

A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec WORKING POC 3 stars

by davidrxchester · poc

https://github.com/davidrxchester/smart-sketcher-upload

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/davidrxchester/smart-sketcher-upload/blob/main/smartsketch-upload.py

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.340442

[Permissions Required, VDB Entry] https://vuldb.com/?id.340442

[Permissions Required, VDB Entry] https://vuldb.com/?submit.729134

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 11.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-287 CWE-306

Status draft

Timeline

Published Jan 11, 2026

Tracked Since Feb 18, 2026