CVE-2026-5818

Summary

Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update.

This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

Affected Software

VendorProductVersion RangeStatus
CaliptraCore Runtime Firmware2.0.0 <= 2.0.1affected
CaliptraCore Runtime Firmware2.1.0affected
CaliptraCore Runtime Firmware2.0.2unaffected
CaliptraCore Runtime Firmware2.1.1unaffected

Weaknesses

  • CWE-253: CWE-253 Incorrect check of function return value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References