CVE-2026-1354

Name of the Vulnerable Software and Affected Versions Zero Motorcycles firmware versions 44 and prior

Description An issue in the Bluetooth pairing process allows an attacker in close proximity to forcibly pair a device with the motorcycle while it is in pairing mode. Once paired, the attacker can use the over-the-air firmware updating functionality to upload malicious firmware to the vehicle. Real-world incidents have occurred where this was exploited to compromise vehicle functions.

Recommendations Update firmware to a version later than 44.