CVE-2026-6458

UNKNOWN 0.0

AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude the first batch of processed ciphertext. Ciphertext produced by that call may be modified without the tag reflecting the change. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

CWE	CWE-325
Vendor	caliptra
Product	core runtime firmware
Published	Jun 23, 2026

Stay Ahead of the Next One

Get instant alerts for caliptra core runtime firmware

Be the first to know when new unknown vulnerabilities affecting caliptra core runtime firmware are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Caliptra / Core Runtime Firmware

2.0.0 ≤ 2.0.1 2.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/chipsalliance/caliptra-sw/security/advisories/GHSA-834g-h5x6-2hqr

Credits

NVIDIA Offensive Security Research (OSR) team