Vulnerability in Espressif IoT Development Framework affecting secure-service wrappers
CVE-2026-45328

9.3CRITICAL

Key Information:

Vendor

Espressif

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-45328?

The Espressif IoT Development Framework (ESP-IDF) has a reported vulnerability in its esp_tee component, specifically affecting the secure-service wrappers found in esp_secure_services.c and esp_secure_services_iram.c. This vulnerability allows unauthorized access to the secure services that provide critical hardware-level security features, including cryptographic operations and secure storage functionalities. Espressif has addressed this issue in the latest versions, 5.5.5 and 6.0.1, ensuring enhanced security against potential exploits.

Affected Version(s)

esp-idf = 5.5.4 = 5.5.4

esp-idf = 6.0 = 6.0

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.