ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security feature like attestation, OTA updates, secure storage. This issue has been patched in versions 5.5.5 and 6.0.1.
CVE-2026-45328
This high-severity CVE scores 8.8 under NVD CVSS v3. EPSS exploit probability: 0.1%, top 97% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 8.8
- EG Score
- 8.8(medium)
- EPSS
- 2.7%
- KEV
- Not listed
Published
June 10, 2026
Last Modified
June 11, 2026
Advisory Details (7)
Auto-updated Jun 10, 2026Out-of-Bounds Write in ESP-TEE Secure Service Wrappers · Advisory · espressif/esp-idf · GitHub
https://github.com/espressif/esp-idf/security/advisories/GHSA-mmgp-73p4-92xpcommit eebabaff2fdc (espressif/esp-idf)
Fix landed in espressif/esp-idf commit eebabaff2fdc — awaiting tagged release
https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6commit afd14ab113ac (espressif/esp-idf)
Fix landed in espressif/esp-idf commit afd14ab113ac — awaiting tagged release
https://github.com/espressif/esp-idf/commit/afd14ab113acd0ca369965404c99ac42e74d4fcdcommit 7867f4a57560 (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 7867f4a57560 — awaiting tagged release
https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406bcommit 764626a1b7c8 (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 764626a1b7c8 — awaiting tagged release
https://github.com/espressif/esp-idf/commit/764626a1b7c85b943d207da08a2f8f7d7f3def4dcommit 440a5d190650 (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 440a5d190650 — awaiting tagged release
https://github.com/espressif/esp-idf/commit/440a5d1906502023f2a0fb0aecbdf0602d14acbfcommit 145ba4c42dc8 (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 145ba4c42dc8 — awaiting tagged release
https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192fWeakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 17× in last 7d / 87× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 116 total refreshes for this CVE.
- 2026-07-15 16:57 UTCEPSS rescore
- 2026-07-15 16:43 UTCEG score recompute
- 2026-07-15 01:53 UTCEG score recompute
- 2026-07-14 12:46 UTCEG score recompute
- 2026-07-14 01:45 UTCEG score recompute
- 2026-07-13 22:30 UTCEPSS rescore
- 2026-07-13 14:03 UTCEG score recompute
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 01:05 UTCEG score recompute
- 2026-07-12 05:48 UTCEG score recompute
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-11 18:45 UTCEG score recompute
- 2026-07-11 07:44 UTCEG score recompute
- 2026-07-10 19:15 UTCEG score recompute
- 2026-07-09 23:00 UTCEG score recompute
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-09 08:16 UTCEG score recompute
- 2026-07-08 20:59 UTCEG score recompute
- 2026-07-08 15:16 UTCEPSS rescore
- 2026-07-08 09:23 UTCEG score recompute
- 2026-07-07 22:22 UTCEG score recompute
- 2026-07-07 13:46 UTCEPSS rescore
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-05 22:54 UTCEG score recompute
- 2026-07-05 11:24 UTCEG score recompute
Show 75 moreShow fewer
- 2026-07-04 23:03 UTCEG score recompute
- 2026-07-04 12:01 UTCEG score recompute
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-03 15:26 UTCEG score recompute
- 2026-07-03 01:22 UTCEG score recompute
- 2026-07-02 14:15 UTCEG score recompute
- 2026-07-02 03:14 UTCEG score recompute
- 2026-07-01 16:13 UTCEG score recompute
- 2026-07-01 05:12 UTCEG score recompute
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-30 17:40 UTCEG score recompute
- 2026-06-30 06:00 UTCEG score recompute
- 2026-06-29 18:59 UTCEG score recompute
- 2026-06-29 14:06 UTCEPSS rescore
- 2026-06-29 14:06 UTCEPSS rescore
- 2026-06-29 06:51 UTCEG score recompute
- 2026-06-28 19:35 UTCEG score recompute
- 2026-06-28 14:07 UTCEPSS rescore
- 2026-06-28 08:33 UTCEG score recompute
- 2026-06-28 04:56 UTCEPSS rescore
- 2026-06-28 04:56 UTCEPSS rescore
- 2026-06-27 21:30 UTCEG score recompute
- 2026-06-27 10:27 UTCEG score recompute
- 2026-06-27 03:08 UTCEPSS rescore
- 2026-06-26 23:26 UTCEG score recompute
- 2026-06-26 12:24 UTCEG score recompute
- 2026-06-25 22:41 UTCEG score recompute
- 2026-06-25 13:49 UTCEPSS rescore
- 2026-06-25 11:37 UTCEG score recompute
- 2026-06-25 00:37 UTCEG score recompute
- 2026-06-24 14:05 UTCEPSS rescore
- 2026-06-24 13:35 UTCEG score recompute
- 2026-06-24 02:27 UTCEG score recompute
- 2026-06-23 21:33 UTCEPSS rescore
- 2026-06-23 21:33 UTCEPSS rescore
- 2026-06-23 15:27 UTCEG score recompute
- 2026-06-23 02:23 UTCEG score recompute
- 2026-06-22 15:19 UTCEG score recompute
- 2026-06-22 14:25 UTCEPSS rescore
- 2026-06-22 14:25 UTCEPSS rescore
- 2026-06-22 04:18 UTCEG score recompute
- 2026-06-21 16:51 UTCEG score recompute
- 2026-06-21 14:56 UTCEPSS rescore
- 2026-06-21 14:56 UTCEPSS rescore
- 2026-06-21 05:00 UTCEG score recompute
- 2026-06-21 01:59 UTCEPSS rescore
- 2026-06-20 17:34 UTCEG score recompute
- 2026-06-20 06:32 UTCEG score recompute
- 2026-06-19 19:27 UTCEG score recompute
- 2026-06-19 19:25 UTCEPSS rescore
- 2026-06-19 08:22 UTCEG score recompute
- 2026-06-18 20:44 UTCEG score recompute
- 2026-06-18 17:52 UTCEPSS rescore
- 2026-06-18 17:52 UTCEPSS rescore
- 2026-06-18 09:38 UTCEG score recompute
- 2026-06-17 22:17 UTCEG score recompute
- 2026-06-17 17:53 UTCEPSS rescore
- 2026-06-17 11:16 UTCEG score recompute
- 2026-06-17 00:16 UTCEG score recompute
- 2026-06-16 17:52 UTCEPSS rescore
- 2026-06-16 13:15 UTCEG score recompute
- 2026-06-16 02:01 UTCEG score recompute
- 2026-06-15 17:49 UTCEPSS rescore
- 2026-06-15 14:59 UTCEG score recompute
- 2026-06-15 03:58 UTCEG score recompute
- 2026-06-14 16:56 UTCEG score recompute
- 2026-06-14 05:56 UTCEG score recompute
- 2026-06-13 23:00 UTCEPSS rescore
- 2026-06-13 18:55 UTCEG score recompute
- 2026-06-13 07:53 UTCEG score recompute
- 2026-06-12 23:12 UTCEPSS rescore
- 2026-06-12 23:12 UTCEPSS rescore
- 2026-06-12 20:52 UTCEG score recompute
- 2026-06-12 09:50 UTCEG score recompute
- 2026-06-11 22:49 UTCEG score recompute▼ 0.50
Related CVEs(same CWE)
Same CWE
10 shownCWE-20 · CWE-787
Frequently asked(5)
What is CVE-2026-45328?
When was CVE-2026-45328 disclosed?
Is CVE-2026-45328 actively exploited?
What is the CVSS score of CVE-2026-45328?
How do I remediate CVE-2026-45328?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-45328
Is Your Infrastructure Affected by CVE-2026-45328?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.