๐Ÿ” CVE Alert

CVE-2026-46728

HIGH 8.2
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.

CWE CWE-346
Vendor denx
Product u-boot
Published May 16, 2026
Last Updated May 16, 2026
Stay Ahead of the Next One

Get instant alerts for denx u-boot

Be the first to know when new high vulnerabilities affecting denx u-boot are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

denx / U-Boot
0 < 2026.04

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/barebox/barebox/security/advisories/GHSA-3fvj-q26p-j6h4 github.com: https://github.com/u-boot/u-boot/commit/2092322b31cc8b1f8c9e2e238d1043ae0637b241