ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers
CVE-2026-45328

9.3CRITICAL

Key Information:

Vendor

Espressif

Status
Esp-idf
Vendor
CVE Published:
10 June 2026

What is CVE-2026-45328?

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security feature like attestation, OTA updates, secure storage. This issue has been patched in versions 5.5.5 and 6.0.1.

Affected Version(s)

esp-idf = 5.5.4 = 5.5.4

esp-idf = 6.0 = 6.0

References

https://github.com/espressif/esp-idf/security/advisories/...
x_refsource_CONFIRM
https://github.com/espressif/esp-idf/commit/145ba4c42dc82...
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/440a5d1906502...
x_refsource_MISC

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.