Back

Bluetooth Vulnerability in Zero Motorcycles Poses Safety Risks

Severity: Medium (Score: 57.8)

Sources: Scworld, Escudodigital, www.securityweek.com

Summary

A vulnerability (CVE-2026-1354) affecting electric motorcycles from Zero Motorcycles has been identified, allowing attackers within Bluetooth range to gain unauthorized access to the vehicle's Bluetooth functions. This flaw, present in firmware version 44 and earlier, enables malicious firmware uploads that could manipulate critical safety features such as torque output and regenerative braking, potentially leading to dangerous vehicle behavior at high speeds. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has classified this vulnerability as medium severity. A firmware update is expected to be released in May 2026 to address this issue. Users are advised to secure their motorcycles by connecting them to their phones in safe locations to prevent unauthorized access. Additionally, a separate but related vulnerability affecting Yadea scooters has been reported, highlighting broader security concerns in electric vehicles. Key Points: • CVE-2026-1354 allows Bluetooth access to Zero Motorcycles, risking rider safety. • Attackers can upload malicious firmware affecting critical vehicle functions. • A firmware patch is expected in May 2026; users should secure their bikes in the meantime.

Key Entities

  • Malware (attack_type)
  • Bureau Veritas Cybersecurity (company)
  • CISA (company)
  • Yadea (company)
  • Zero Motorcycles (company)
  • CVE-2025-70994 (cve)
  • CVE-2026-1354 (cve)
  • CWE-287 - Improper Authentication (cwe)
  • Bluetooth (platform)
  • Cellular Modem (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed