๐Ÿ” CVE Alert

CVE-2026-5818

UNKNOWN 0.0

MCU Firmware Update Authentication Bypass on Caliptra Core

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

CWE: CWE-253
Vendor: caliptra
Product: core runtime firmware
Published: Jun 23, 2026

Affected Versions

Caliptra / Core Runtime Firmware
2.0.0 through 2.0.1; 2.1.0

References

github.com: https://github.com/chipsalliance/caliptra-sw/security/advisories/GHSA-456r-gcjr-6rxq

Credits

NVIDIA Offensive Security Research (OSR) team