Lucene search
K

6 matches found

NVD
NVD
added 2026/06/24 12:16 a.m.8 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 12:16 a.m.8 views

CVE-2026-5818

Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...

7.2CVSS0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 11:50 p.m.10 views

CVE-2026-5818

The CVE-2026-5818 entry concerns the Caliptra Core Runtime Firmware and describes an incorrect return-value check in ActivateFirmwareCmd::activate_fw modules, which allows bypassing the Core’s verification of MCU firmware during a hitless update. Affected versions are Core Runtime Firmware 2.0.0 ...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 11:50 p.m.29 views

CVE-2026-5818 MCU Firmware Update Authentication Bypass on Caliptra Core

Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...

7.2CVSS0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 11:49 p.m.7 views

CVE-2026-6458

CVE-2026-6458 involves the Caliptra Core Firmware (aes_256_gcm_update module) where a missing cryptographic step in the streaming AES-256-GCM API with empty AAD leads to the hardware GHASH accumulator state not being saved after the first update. As a result, the final GCM authentication tag does...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51610

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description A missing cryptographic step in the aes 256 gcm update module leads to an incorrect GCM authentication tag. When the streaming...

5.1CVSS5.7AI score0.00128EPSS
Exploits0References6
Rows per page
Query Builder