CVE-2026-2756 LOW

CVE-2026-2756: OmniPEMF NeoRhythm BLE missing authentication

Vendor Omnipemf
Product NeoRhythm
Weakness CWE-306 · Missing auth
Published March 21, 2026
Last update March 23, 2026

CVSS base score

2.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

March 21, 2026 CVE published
March 23, 2026 Record updated