Predictable User Key Generation in EFR32xG27 by Silicon Labs
CVE-2026-2815

8.4HIGH

Key Information:

Vendor: Silicon Labs
Status: Sisdk
Vendor: CVE Published:; 25 June 2026

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2026-2815?

The EFR32xG27 from Silicon Labs suffers from a vulnerability due to the incorrect implementation of the PUF key for user key generation. This flaw results in the generation of predictable keys, which undermines the security of devices using this system. Proper key generation practices are crucial to ensure the integrity and confidentiality of user data. It is essential for users of affected products to update their systems in accordance with advisory guidelines.

Affected Version(s)

SiSDK 0 <= 2025.12.1

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

vendor-advisorypermissions-required

https://github.com/SiliconLabsSoftware/sisdk-release

patch

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Feb 19, 2026

CVE-2026-2815 Data

JSON