HIGH
denx
CVE published 2026-05-16
CVE-2026-46728
CVE-2026-46728 is a high-severity U-Boot issue affecting FIT (Flat Image Tree) signature verification in versions before 2026.04. The supplied record says hashed-nodes is omitted from a hash, which can allow a verification bypass and weaken the integrity of signed boot images. Because this sits in the boot trust path, it deserves prompt review in any deployment that relies on U-Boot FIT signatures.