CVE Tools

Home/Vulnerability/CVE-2026-45329

CVE-2026-45329

ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

Published: Jun 10, 2026Updated: Jun 10, 2026 Sources: CVE List NVD

7.1CVSS

HIGH

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.

EPSS Score

N/A

CISA KEV

Not in KEV

Exploits

No Known Exploits

Remediation

No Fix Available

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:NIntegrity

None

A:NAvailability

None

Weaknesses

CWE-20 CWE-125 CWE-200

Affected Products

esp-idf

espressif

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

MITRE ATT&CK

2 techniques

Collection

Initial Access

View detailed technique mapping

References

https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqm

github.com

https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f

github.com

https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b

github.com

and 1 more references View all →

Timeline

Published

Jun 10, 2026

Last Updated

Jun 10, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-45329 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

AI-powered analysis

Plain-language impact assessment and exploitation scenario

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows