Blue Goat Cyber℠ | Medical Device Cybersecurity
    Apr 15, 2026 · CISA · KEV update · Active · High impact

    CISA adds widely embedded BLE pairing bypass to the KEV

    CISA added a BLE pairing bypass affecting an embedded Bluetooth stack used across consumer and medical wearables to the Known Exploited Vulnerabilities catalog.

    What changed

    • KEV listing triggers federal remediation SLAs and shifts FDA postmarket expectations from 'monitor' to 'act.'
    • Devices using the affected stack should expect questions in any open Q-sub or postmarket update letter.

    Action for manufacturers

    Run an SBOM query for the affected component, issue a VEX statement (affected / not_affected / fixed / under_investigation), and document the rationale in your postmarket file.
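
The SBOM query and VEX step above, sketched as an added example (not Blue Goat Cyber's or CISA's code). It assumes a CycloneDX-style JSON SBOM and OpenVEX-style statement fields; the component name, fixed version, CVE identifier and the `pairing_reachable` flag are placeholders, since the entry does not name the stack.

```python
import json

# Constructed CycloneDX-style SBOM. Names, versions and purls are placeholders;
# the tracker entry does not name the affected stack or its CVE.
SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "vendor-soc-sdk", "version": "5.0.0", "purl": "pkg:generic/vendor-soc-sdk@5.0.0",
   "components": [
     {"name": "example-ble-stack", "version": "2.3.0",
      "purl": "pkg:generic/example-ble-stack@2.3.0"}]},
  {"name": "example-rtos", "version": "10.1.0", "purl": "pkg:generic/example-rtos@10.1.0"}]}
""")

AFFECTED_NAME = "example-ble-stack"  # placeholder component name
FIXED_IN = (2, 4, 1)                 # placeholder first fixed version
VULN_ID = "CVE-PLACEHOLDER"          # placeholder identifier

def walk(components):
    """Yield every component, including ones nested inside an SDK entry."""
    for comp in components:
        yield comp
        yield from walk(comp.get("components", []))

def find_component(sbom, name):
    return [c for c in walk(sbom.get("components", [])) if c.get("name") == name]

def vex_statement(comp, pairing_reachable=True):
    """Build one OpenVEX-style statement; the free-text field carries the rationale."""
    stmt = {"vulnerability": {"name": VULN_ID}, "products": [{"@id": comp.get("purl", comp["name"])}]}
    try:
        version = tuple(int(p) for p in comp["version"].split("."))
    except (KeyError, ValueError, AttributeError):
        # No usable version in the SBOM: record that rather than guess.
        stmt.update(status="under_investigation")
        return stmt
    if version >= FIXED_IN:
        stmt.update(status="fixed")
    elif not pairing_reachable:
        stmt.update(status="not_affected",
                    justification="vulnerable_code_not_in_execute_path",
                    impact_statement="BLE pairing is compiled out of this build.")
    else:
        stmt.update(status="affected",
                    action_statement="Update to the fixed stack release; track in postmarket file.")
    return stmt

if __name__ == "__main__":
    for hit in find_component(SBOM, AFFECTED_NAME):
        print(json.dumps(vex_statement(hit), indent=2))
```

The recursive walk matters for firmware SBOMs, where a Bluetooth stack is often listed only as a sub-component of a vendor SDK and a top-level name match would miss it.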
