Unbounded Recursion Vulnerability in OP-TEE Trusted Execution Environment
CVE-2026-41434

3.3LOW

Key Information:

Vendor

Op-tee

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-41434?

The OP-TEE Trusted Execution Environment, designed to operate alongside a non-secure Linux kernel on Arm Cortex-A cores, is susceptible to an unbounded recursion flaw. This vulnerability affects versions starting from 3.10.0 and running through to the patched version 4.11.0. When exploited, it can lead to a crash of the PKCS#11 Trusted Application (TA), thereby disrupting the intended secure operations of the environment. Users are encouraged to upgrade to version 4.11.0, as no workarounds are presently available.

Affected Version(s)

optee_os >= 3.10.0, < 4.11.0

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.