Description
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
Published: 2026-05-16
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

U-Boot versions before 2026.04 contain a flaw in the Flat Image Tree (FIT) signature verification path where the list of hashed-nodes is omitted from the hash computation. This weakness, classified as CWE-346, allows an attacker to craft a malicious FIT image that still passes signature validation. By loading such a forged image, an adversary could execute arbitrary code with the privileges of the bootloader or operating system, effectively taking control of the device.

Affected Systems

Denx U-Boot deployments older than 2026.04 are affected. The vulnerability applies to every U-Boot build that supports FIT images for firmware updates or booting, regardless of the underlying hardware platform. No specific device models are cited, so any system built from an unpatched U-Boot source tree that boots or updates from FIT images should be considered at risk.

Risk and Exploitability

The CVSS v3.1 score of 8.2 indicates high severity, while the EPSS score is unavailable and the vulnerability is not listed in CISA's KEV catalog, leaving exploitation likelihood uncertain. Based on the description, the likely attack vector is an adversary who can modify the firmware media or supply a custom FIT image to the target. Once the signature check is bypassed, the attacker can gain full control, compromising the confidentiality, integrity, and availability of the device. The risk assessment suggests a substantial threat, particularly in environments where firmware authenticity cannot be guaranteed.

Generated by OpenCVE AI on May 16, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade U-Boot to version 2026.04 or later, which restores proper hashed-nodes verification during FIT signature checks.
  • If a timely upgrade is not possible, disable USE_UBOOT_FIT or signature verification flags in the configuration and restrict write access to the boot media so that only signed images can be loaded.
  • If a patched binary cannot be obtained, apply the commit that restores hashed-nodes verification (see https://github.com/u-boot/u-boot/commit/2092322b31cc8b1f8c9e2e238d1043ae0637b241) to your local source tree, rebuild the bootloader, and flash the new image.


Advisories

No advisories yet.

History

Sat, 16 May 2026 23:45:00 +0000

Type: Title
Values removed: (none)
Values added: FIT Signature Verification Bypass in U-Boot

Sat, 16 May 2026 21:45:00 +0000

Type: Description
Values removed: (none)
Values added: Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.

Type: First Time appeared
Values removed: (none)
Values added: Denx; Denx u-boot

Type: Weaknesses
Values removed: (none)
Values added: CWE-346

Type: CPEs
Values removed: (none)
Values added: cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values removed: (none)
Values added: Denx; Denx u-boot

Type: References
Values removed: (none)
Values added: (none listed)

Type: Metrics
Values removed: (none)
Values added: cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-16T22:24:18.071Z

Reserved: 2026-05-16T21:26:48.876Z

Link: CVE-2026-46728

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-16T22:16:13.317

Modified: 2026-05-16T22:16:13.317

Link: CVE-2026-46728

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T23:30:33Z

Weaknesses