Question 1

What is CVE-2026-5818 — CVE-2026-5818?

Accepted Answer

Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

Question 2

What is the authoritative source for CVE-2026-5818?

Accepted Answer

CVE-2026-5818 (CVE-2026-5818) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2026-5818CVE-2026-5818

Description

Scoring