CVE-2026-5818
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
Incorrect check of function return value in Caliptra Core Runtime Firmware allows bypass of MCU FW verification during hitless updates.
Risk Assessment
The organization may be at risk of introducing unauthorized firmware, potentially leading to serious security issues.
Recommendation
It is recommended to update the firmware to a version that is not vulnerable to this issue to ensure proper MCU firmware verification.
Original NVD description (English source)
Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

