CVE-2026-5818 PUBLISHED

MCU Firmware Update Authentication Bypass on Caliptra Core

Assigner: Caliptra
Reserved: 08.04.2026 Published: 23.06.2026 Updated: 24.06.2026

Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update.

This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 7.2

Product Status

Vendor Caliptra
Product Core Runtime Firmware
Versions Default: unaffected
  • affected from 2.0.0 to 2.0.1 (incl.)
  • Version 2.1.0 is affected
  • Version 2.0.2 is unaffected
  • Version 2.1.1 is unaffected

Credits

  • NVIDIA Offensive Security Research (OSR) team finder

References

Problem Types

  • CWE-253 Incorrect check of function return value CWE

Impacts

  • CAPEC-115 Authentication Bypass