CRITICAL · CVE-2026-45328 · CNA: GitHub_M

CVE-2026-45328: ESP-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to security features such as attestation, OTA updates, and secure storage. This issue has been patched in versions 5.5.5 and 6.0.1.

Metrics

  • CVSS v3.1: 9.3
  • Severity: CRITICAL
  • Fixed in: (not listed)
  • Affected products: 1


HarborGuard Analysis

Synopsis

An out-of-bounds write vulnerability exists in the ESP-TEE secure service wrappers of Espressif's ESP-IDF framework, affecting versions 5.5.4 and 6.0. The flaw is reachable locally without any authentication, and because the scope change crosses from the unprivileged REE (Rich Execution Environment) into the TEE (Trusted Execution Environment), exploitation gives an attacker full control over confidentiality, integrity, and availability of both execution environments. Successful exploitation allows arbitrary code execution inside the TEE, access to cryptographic keys and secure storage, and the ability to tamper with OTA update and attestation logic. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment upstream publishes a fix.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-45328 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle ESP-IDF 5.5.4 or 6.0 as a dependency. Coverage applies both to registry scans and to images evaluated in CI/CD pipelines before deployment.

Triage: Available

HarborGuard triage capability surfaces this CVE with its CVSS v3.1 score of 9.3 (CRITICAL) and weights it further against each environment's compliance policy, escalating findings that cross defined severity thresholds. Routing rules direct the alert to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Patch: Pending upstream

Because no fix version has been published upstream, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Espressif releases a remediated version of ESP-IDF. For customers with auto-remediation enabled, a rebuilt image, a regression-test run, and a PR opened against affected workloads will follow without manual intervention, subject to each environment's compliance policy.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs code already running on the device (an existing process in the REE); no network access to the target device is required to trigger the vulnerable code path.

  • Authentication: Not required

    No credentials or privileges are required; any unprivileged process running in the REE can invoke the vulnerable secure-service wrappers.

  • Victim interaction: Not required

    No user action or social-engineering step is needed; the attacker can trigger the overflow entirely from their own process.

  • Attack complexity: Low

    The exploit is reliable and condition-free; no race conditions, specific memory layout, or environmental prerequisites are required to land the out-of-bounds write.

Blast Radius

  • Reads cryptographic key material, attestation credentials, and data held in TEE-protected secure storage.
  • Modifies TEE memory and tampers with OTA update verification and attestation logic, enabling persistent firmware-level compromise.
  • Crashes or destabilizes the TEE and connected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT), disrupting device operation.
  • Scope crosses the REE-to-TEE boundary, so impact extends beyond the calling application to all TEE-protected resources on the device.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the upstream ESP-IDF advisory for CVE-2026-45328, with re-evaluation on every feed ingest cycle. Because no upstream fix exists yet, the recommended compensating controls are to isolate affected devices behind strict network-policy rules that limit what can reach or run on them, apply egress filtering to restrict outbound connectivity from potentially compromised devices, and gate any feature that loads untrusted code into the REE until a patch is available. Where compliance policy permits, HarborGuard will automatically trigger a patched-image rebuild, regression run, and PR against affected workloads the moment Espressif publishes versions 5.5.5 or 6.0.1 (or equivalent). Given the CRITICAL severity and scope-changing nature of this CVE, environments with auto-remediation enabled can expect median time from upstream fix publication to a merged patch PR of around 90 minutes.

Affected packages

  • espressif / esp-idf: = 5.5.4 · = 6.0

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H