CVE-2026-2541 MEDIUM

CVE-2026-2541: Micca KE700 Brute-force vulnerability due to low entropy

Vendor Micca Auto Electronics Co., Ltd.
Product Car Alarm System KE700
Weakness CWE-331
Published February 15, 2026
Last update February 17, 2026

CVSS base score

6.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H

What the vulnerability does

01Description

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.

Key dates

02Disclosure timeline

February 15, 2026 CVE published
February 17, 2026 Record updated