CVE-2026-2541

Severity CVSS v4.0:

MEDIUM

Type:

CWE-331 Insufficient Entropy

Publication date:

15/02/2026

Last modified:

15/02/2026

Description

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.

Impact

Vector 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H CVSS v4.0 Severity and Metrics:

Base Score: 6.40 MEDIUM
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): Low
Integrity (VI): Low
Availability (VA): None
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): High
Value Density (V): Diffuse
Vulnerability Response Effort (RE): High

Base Score 4.0

6.40

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://asrg.io/security-advisories/cve-2026-2541/