MEDIUM
Caliptra
CVE published 2026-06-24
CVE-2026-6458
A medium severity vulnerability, CVE-2026-6458, was found in Caliptra Core Firmware. The issue arises from a missing cryptographic step in the aes_256_gcm_update module, resulting in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude the first batch o [truncated]