CVE-2026-46728
HIGH
U-Boot < 2026.04 - Signature Verification Bypass via Omitted Hashed-Nodes in FIT
Title source: llmDescription
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
Scores
CVSS v3: 8.2
EPSS: 0.0013
EPSS Percentile: 2.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-346
Status: published
Products (1): denx/U-Boot < 2026.04
Published: May 16, 2026
Tracked Since: May 17, 2026