๐Ÿ” CVE Alert

CVE-2026-13199

MEDIUM 4.0

Insufficient Entropy in Raspberry Pi 5 and Compute Module 5

CVSS Score
4.0
EPSS Score
0.1%
EPSS Percentile
2th

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.

CWE CWE-331
Vendor raspberry pi
Product raspberry pi 5 and compute module 5
Published Jul 7, 2026
Last Updated Jul 7, 2026
Stay Ahead of the Next One

Get instant alerts for raspberry pi raspberry pi 5 and compute module 5

Be the first to know when new medium vulnerabilities affecting raspberry pi raspberry pi 5 and compute module 5 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Raspberry Pi / Raspberry Pi 5 and Compute Module 5
0 < 28.22-1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/raspberrypi/rpi-eeprom/pull/841 nozominetworks.com: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-13199

Credits

Gabriele Quagliarella at Nozomi Networks