Vulnerability in Espressif IoT Development Framework affecting secure-service wrappers
CVE-2026-45328
9.3CRITICAL
What is CVE-2026-45328?
The Espressif IoT Development Framework (ESP-IDF) has a reported vulnerability in its esp_tee component, specifically affecting the secure-service wrappers found in esp_secure_services.c and esp_secure_services_iram.c. This vulnerability allows unauthorized access to the secure services that provide critical hardware-level security features, including cryptographic operations and secure storage functionalities. Espressif has addressed this issue in the latest versions, 5.5.5 and 6.0.1, ensuring enhanced security against potential exploits.
Affected Version(s)
esp-idf = 5.5.4 = 5.5.4
esp-idf = 6.0 = 6.0
