CVE-2026-4272 is a vulnerability categorized under CWE-306 (Missing Authentication for Critical Function) found in Honeywell handheld barcode scanners. The flaw allows an unauthenticated remote attacker within Bluetooth range of the scanner's base station to execute system commands on the connected host system. This affects multiple hardware bases: C1 Base (Ingenic x1000) versions before GK000432BAA, D1 Base (Ingenic x1600) versions before HE000085BAA, and A1/B1 Base (IMX25) versions before BK000763BAA_BK000765BAA_CU000101BAA. The CVSS v3.1 score is 8.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality and integrity but no impact on availability. Honeywell advises upgrading to the latest versions to mitigate the issue. However, no explicit patch or remediation details are provided in the available data.

The vulnerability allows a remote attacker within Bluetooth range to execute system commands on the host connected to the vulnerable scanner's base station without authentication. This can lead to unauthorized control over the host system, compromising confidentiality and integrity. The CVSS score of 8.1 reflects a high impact on confidentiality and integrity, with no impact on availability. There are no known exploits in the wild reported at this time.

Honeywell strongly recommends upgrading to the latest versions of the affected handheld scanner bases to resolve this vulnerability. Since no explicit patch or remediation level is provided, users should consult Honeywell's official advisories or support channels for the latest firmware or software updates. Until patched, restricting Bluetooth access to trusted devices and limiting physical proximity to the scanner base stations may reduce risk.