Creative Sound Blaster Katana V2X firmware flaw allows remote keyboard injection into Windows PCs

A security researcher published detailed reverse engineering analysis on June 3, 2026, showing how the Katana V2X soundbar's USB HID implementation contains input validation flaws. Attackers can inject malicious audio metadata through Bluetooth or Wi-Fi to trigger buffer overflows, allowing arbitrary keyboard and mouse commands on connected systems with no user action required. Bluetooth attacks work from 100 meters away. Creative Labs has not yet issued a security patch.