At the Bluetooth SIG, we strive to make Bluetooth the global standard for simple, secure wireless connectivity, and security is of the utmost importance. If you have found a potential security issue in any Bluetooth specification, please contact us via email at security@bluetooth.com. For encrypted communication, you may use our public key.

We do our best to respond to security issues within 48 hours, but if you do not receive a response within this time frame, please feel free to follow up with us to ensure that we have received your original report.

Report Details
The following information will help us to evaluate your submission as quickly as possible. If available, please include in your report:

  • Vulnerability type (security, privacy, availability/DoS, etc.)
  • Affected specification and version
  • Instructions to reproduce the issue
  • A proof-of-concept (PoC)

Bluetooth Security Notices

| Vulnerability | Publication Date | Details | Specifications Affected | CVE [NVD] |
|---|---|---|---|---|
| InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections | 06/21/2021 | SIG Security Notice | Core Spec, v4.0 to 5.2 | CVE-2021-31615 |
| Bluetooth Mesh Profile AuthValue leak | 05/24/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26559 |
| Malleable commitment in Bluetooth Mesh Profile provisioning | 05/24/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26556 |
| Predictable Authvalue in Bluetooth Mesh Profile provisioning leads to MITM | 05/24/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26557 |
| Impersonation attack in Bluetooth Mesh Profile provisioning | 05/24/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26560 |
| Impersonation in the BR/EDR pin-pairing protocol | 05/24/2021 | SIG Security Notice | Core Spec, v1.0B to 5.2 | CVE-2020-26555 |
| Authentication of the Bluetooth LE legacy-pairing protocol | 05/24/2021 | SIG Security Notice | Core Spec, v4.0 to 5.2 | N/A |
| Impersonation in the Passkey entry protocol | 05/24/2021 | SIG Security Notice | Core Spec, v2.1 to 5.2 | CVE-2020-26558 |
| Exploiting Cross-Transport Key Derivation | 09/09/2020 | SIG Security Notice | Core Spec, v4.2 to 5.0 | CVE-2020-15802 |
| Pairing Method Confusion | 05/18/2020 | SIG Security Notice | Core Spec, v2.1 to v5.2 | CVE-2020-10134 |
| Bluetooth Impersonation Attacks | 05/18/2020 | SIG Security Notice | Core Spec, v2.1 to v5.2 | CVE-2020-10135 |
| Key Negotiation of Bluetooth | 08/13/2019 | SIG Security Notice | Core Spec, v4.2, v5.0 and v5.1 | CVE-2019-9506 |
| Validation of Elliptic Curve Parameters | 07/23/2018 | SIG Security Notice | Core Spec, v2.1 to v5.0 | CVE-2018-5383 |