CVE-2026-6458
Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...