What is CVE-2026-1354?

CVE-2026-1354 is a medium-severity vulnerability in Zero Motorcycles Firmware, classified under Key Exchange without Entity Authentication. CVSS score: 6.4/10. Published 2026-04-21.

How severe is CVE-2026-1354?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in Zero Motorcycles Firmware

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload mali…

EPSS: 0.000 (7.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H.

Affected products

Zero Motorcycles Firmware — versions 0

Weakness classification (CWE)

CWE-322 — Key Exchange without Entity Authentication

References

www.cisa.gov/news-events/ics-advisories/icsa-26-111-06
github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-06.js…

Frequently asked questions

What is CVE-2026-1354?: CVE-2026-1354 is a medium-severity vulnerability in Zero Motorcycles Firmware, classified under Key Exchange without Entity Authentication. CVSS score: 6.4/10. Published 2026-04-21.
How severe is CVE-2026-1354?: Medium severity. CVSS v3 base score is 6.4 out of 10.