Unbounded Recursion Vulnerability in OP-TEE Trusted Execution Environment
CVE-2026-41434
3.3LOW
What is CVE-2026-41434?
The OP-TEE Trusted Execution Environment, designed to operate alongside a non-secure Linux kernel on Arm Cortex-A cores, is susceptible to an unbounded recursion flaw. This vulnerability affects versions starting from 3.10.0 and running through to the patched version 4.11.0. When exploited, it can lead to a crash of the PKCS#11 Trusted Application (TA), thereby disrupting the intended secure operations of the environment. Users are encouraged to upgrade to version 4.11.0, as no workarounds are presently available.
Affected Version(s)
optee_os >= 3.10.0, < 4.11.0
