Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-46728: Das U-Boot FIT Signature Verification Bypass

CVE-2026-46728

Summary

Das U-Boot, a bootloader, has a security weakness that allows attackers to bypass a security check. This could potentially allow malicious code to run on devices that use this bootloader. Update to the latest version to fix this issue.

Original title

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.

Original description

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.

nvd CVSS3.1 8.2

Vulnerability type

CWE-346

https://github.com/barebox/barebox/security/advisories/GHSA-3fvj-q26p-j6h4
https://github.com/u-boot/u-boot/commit/2092322b31cc8b1f8c9e2e238d1043ae0637b241

Published: 16 May 2026 · Updated: 19 May 2026 · First seen: 16 May 2026