Caliptra Core Runtime Firmware

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-5818	Chipsalliance Caliptra Core Runtime Firmware		0.00	—	—		Jun 23, 2026	Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.
CVE-2026-6458	Chipsalliance Caliptra Core Runtime Firmware		0.00	—	—		Jun 23, 2026	Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the…

CVE-2026-5818Jun 23, 2026
Chipsalliance
Caliptra Core Runtime Firmware
risk 0.00cvss —epss —
Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.
CVE-2026-6458Jun 23, 2026
Chipsalliance
Caliptra Core Runtime Firmware
risk 0.00cvss —epss —
Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the…