CVE Catalog

CVE-2026-5818

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

Incorrect check of function return value in Caliptra Core Runtime Firmware allows bypass of MCU FW verification during hitless updates.

Risk Assessment

The organization may be at risk of introducing unauthorized firmware, potentially leading to serious security issues.

Recommendation

It is recommended to update the firmware to a version that is not vulnerable to this issue to ensure proper MCU firmware verification.

Original NVD description (English source)

Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS