CVE-2026-45328
Published: Wed, 10 Jun 2026 02:16
Summary
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_servic
Details
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security feature like attestation, OTA updates, secure storage. This issue has been patched in versions 5.5.5 and 6.0.1.
Are YOU affected by CVE-2026-45328?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-45328 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
References
- https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f
- https://github.com/espressif/esp-idf/commit/440a5d1906502023f2a0fb0aecbdf0602d14acbf
- https://github.com/espressif/esp-idf/commit/764626a1b7c85b943d207da08a2f8f7d7f3def4d
- https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b
- https://github.com/espressif/esp-idf/commit/afd14ab113acd0ca369965404c99ac42e74d4fcd
- https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6
- https://github.com/espressif/esp-idf/security/advisories/GHSA-mmgp-73p4-92xp
StackPatch runs this match against YOUR installed packages every hour
Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.