Description
Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update.

This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.
Published: 2026-06-23
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs when Caliptra Core Runtime Firmware incorrectly checks a function return value in the ActivateFirmwareCmd::activate_fw module. This oversight allows an attacker to bypass the Core’s verification of the MCU firmware during a hitless update, enabling replacement of legitimate firmware with malicious or tampered code. The weakness corresponds to CWE‑253, a failure to verify a critical return value, which directly undermines firmware integrity and authenticity.

Affected Systems

The vulnerability affects Caliptra’s Core Runtime Firmware versions 2.0.0 through 2.0.1 and 2.1.0.

Risk and Exploitability

Based on the description, it is inferred that the attacker must initiate a firmware update to exploit the flaw, implying that local or privileged network access to the update interface is required. The CVSS score of 7.2 places the issue in the high severity range, while the EPSS score is unavailable and the vulnerability is not listed in CISA KEV. Once the update process is compromised, an attacker can inject malicious firmware, gaining persistent control over the device.

Generated by OpenCVE AI on June 24, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Core Runtime Firmware to a version newer than 2.1.0 that contains the fix.
  • Verify the cryptographic integrity of any firmware image before activation, ensuring that both the signature and hash match the expected values.
  • Restrict the firmware update interface to a secure, authenticated channel and enforce checks that reject any firmware that does not meet the embedded authenticity criteria.

Generated by OpenCVE AI on June 24, 2026 at 09:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Caliptra
Caliptra core Runtime Firmware
Vendors & Products Caliptra
Caliptra core Runtime Firmware

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Description Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.
Title MCU Firmware Update Authentication Bypass on Caliptra Core
Weaknesses CWE-253
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

Caliptra Core Runtime Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Caliptra

Published:

Updated: 2026-06-24T13:04:40.166Z

Reserved: 2026-04-08T15:45:10.928Z

Link: CVE-2026-5818

cve-icon Vulnrichment

Updated: 2026-06-24T13:04:36.471Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:05:22Z

Weaknesses
  • CWE-253

    Incorrect Check of Function Return Value