CVE-2026-6458
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A missing cryptographic step in Caliptra Core Firmware leads to an incorrect GCM authentication tag. Using the AES-256-GCM API with empty AAD results in the GHASH accumulator state not being saved after the first update call, causing the final tag to exclude the first batch of processed ciphertext.
Risk Assessment
Organizations may be exposed to modifications of ciphertext without the tag reflecting the changes, potentially leading to serious data security vulnerabilities.
Recommendation
It is recommended to update the firmware to a version that addresses this vulnerability and to monitor the use of the AES-256-GCM API to ensure data integrity.
Original NVD description (English source)
Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude the first batch of processed ciphertext. Ciphertext produced by that call may be modified without the tag reflecting the change. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

