Main Vulnerability Database Vulnerabilities #VU123007

Authentication bypass using an alternate path or channel in Car Alarm System KE700 - CVE-2026-2540

Published: February 18, 2026

Vulnerability identifier: #VU123007

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2026-2540

CWE-ID: CWE-288

Exploitation vector: Adjecent network

Exploit availability: Public exploit is available

Vendor: Micca Auto Electronics

Affected software:
Car Alarm System KE700

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the authentication bypass using an alternate path or channel in the alarm system’s receiver. A remote attacker on the local network can capture and replay previously transmitted signals to clone the alarm key and gain access to the vehicle to unlock or lock the doors.

How to mitigate CVE-2026-2540

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://asrg.io/security-advisories/cve-2026-2540/

Authentication bypass using an alternate path or channel in Car Alarm System KE700 - CVE-2026-2540

Detailed vulnerability description

How to mitigate CVE-2026-2540

Sources

Please verify you're human