Skip to main content

Caliptra Core Firmware CVE-2026-6458

MEDIUM
Missing Cryptographic Step (CWE-325)
2026-06-23 Caliptra
5.1
CVSS 4.0 · Vendor: Caliptra
Share

Severity by source

Vendor (Caliptra) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.0 LOW

AV:A and PR:L match vendor assessment; AC:H reflects the specific streaming-API-with-empty-AAD prerequisite; S:C captures downstream integrity impact on systems trusting the RoT.

3.1 AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
4.0 AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Caliptra).

CVSS VectorVendor: Caliptra

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 24, 2026 - 00:26 vuln.today

DescriptionCVE.org

Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude the first batch of processed ciphertext. Ciphertext produced by that call may be modified without the tag reflecting the change.

This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

AnalysisAI

Broken GCM integrity in Caliptra Core Runtime Firmware 2.0.0-2.1.0 allows an adjacent, low-privileged attacker to silently tamper with ciphertext produced by the streaming AES-256-GCM API when called with empty AAD. The root defect - a missing save of the hardware GHASH accumulator state after the first streaming update call - causes the final authentication tag to exclude the first batch of processed ciphertext, nullifying the integrity guarantee of authenticated encryption for that block. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent network access with low privileges
Delivery
Identify target application calling streaming AES-256-GCM with empty AAD
Exploit
Intercept or access ciphertext output from first update call
Execution
Modify first-block ciphertext
Persist
Victim verifies authentication tag
Impact
Tampered ciphertext accepted as authentic

Vulnerability AssessmentAI

Exploitation Exploitation requires the target system to be actively using the streaming AES-256-GCM API (`aes_256_gcm_update`) with empty Associated Additional Data (AAD) - this is a specific application-level API usage pattern, not a default or universally present condition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.1 (Medium) is consistent with the actual threat model: adjacent network vector (AV:A) and low privileges required (PR:L) substantially limit the exploitable population. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with adjacent network presence and low-privileged access to a system using Caliptra's streaming AES-256-GCM with empty AAD intercepts the ciphertext produced during the first `aes_256_gcm_update` call and modifies it in transit or in storage. Because the GHASH accumulator was not checkpointed after that call, the final authentication tag does not incorporate the first block's ciphertext, and the modification passes tag verification silently. …
Remediation Consult the CHIPSALLIANCE Caliptra security advisory at https://github.com/chipsalliance/caliptra-sw/security/advisories/GHSA-834g-h5x6-2hqr for the upstream fix; a specific patched release version is not independently confirmed from the available data, so track the caliptra-sw repository for a tagged release addressing this advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6458 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy