CVE-2026-2756

MEDIUM

OmniPEMF NeoRhythm BLE missing authentication

Title source: cna

Description

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry] https://vuldb.com/?id.352383

[Signature, Permissions Required] https://vuldb.com/?ctiid.352383

[Third Party Advisory] https://vuldb.com/?submit.774937

Scores

CVSS v3 5.0

EPSS 0.0004

EPSS Percentile 13.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-287 CWE-306

Status published

Products (1)

OmniPEMF/NeoRhythm 20260308

Published Mar 21, 2026

Tracked Since Mar 21, 2026