CVE-2026-5818

high

Description

Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

References

https://github.com/chipsalliance/caliptra-sw/security/advisories/GHSA-456r-gcjr-6rxq

Details

Source: Mitre, NVD

Published: 2026-06-24

Updated: 2026-06-24

CVSS v4

Base Score: 7.2

Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Severity: High

Detections

Analytics