Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

Metrics

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Bluetooth
  • Bluetooth Core Specification
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Intel
  • Ac 1550
  • Ac 1550 Firmware
  • Ac 3165
  • Ac 3165 Firmware
  • Ac 3168
  • Ac 3168 Firmware
  • Ac 7265
  • Ac 7265 Firmware
  • Ac 8260
  • Ac 8260 Firmware
  • Ac 8265
  • Ac 8265 Firmware
  • Ac 9260
  • Ac 9260 Firmware
  • Ac 9461
  • Ac 9461 Firmware
  • Ac 9462
  • Ac 9462 Firmware
  • Ac 9560
  • Ac 9560 Firmware
  • Ax1650
  • Ax1650 Firmware
  • Ax1675
  • Ax1675 Firmware
  • Ax200
  • Ax200 Firmware
  • Ax201
  • Ax201 Firmware
  • Ax210
  • Ax210 Firmware
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:intel:ax210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:intel:ax201_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:intel:ax200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:intel:ac_9560_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:intel:ac_9462_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:intel:ac_9461_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:intel:ac_9260_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:intel:ac_8265_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:intel:ac_8260_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:intel:ac_3168_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:intel:ac_7265_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_7265:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:intel:ac_3165_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:intel:ax1675_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax1675:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:intel:ax1650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:intel:ac_1550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
bluez-0:5.56-1.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2021:4432 2021-11-09T00:00:00Z
bluez-0:5.56-1.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2021:4432 2021-11-09T00:00:00Z
References
Link Providers
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d19628f539fccf899298ff02ee4c73e4bf6df3f cve-icon
https://kb.cert.org/vuls/id/799380 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-26558 cve-icon
https://security.gentoo.org/glsa/202209-16 cve-icon cve-icon
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-26558 cve-icon
https://www.debian.org/security/2021/dsa-4951 cve-icon cve-icon
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html cve-icon cve-icon
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html cve-icon cve-icon
https://www.kb.cert.org/vuls/id/799380 cve-icon
History

Tue, 04 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-24T17:22:16.000Z

Updated: 2025-11-04T19:12:18.753Z

Reserved: 2020-10-04T00:00:00.000Z

Link: CVE-2020-26558

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-24T18:15:07.930

Modified: 2025-11-04T20:15:58.053

Link: CVE-2020-26558

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-05-24T16:00:00Z

Links: CVE-2020-26558 - Bugzilla