Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.2
Das U-Boot FIT Signature Verification Bypass
DEBIAN-CVE-2026-46728
Summary
Das U-Boot's FIT (Flat Image Tree) signature verification can be bypassed, allowing attackers to modify images without being detected. This affects the security of Das U-Boot's boot process. To fix this, update to the latest version of Das U-Boot, released after April 2026.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | u-boot | All versions |
| Debian:12 | debian | u-boot | All versions |
| Debian:13 | debian | u-boot | All versions |
| Debian:14 | debian | u-boot | All versions |
Original title
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
Original description
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
- https://security-tracker.debian.org/tracker/CVE-2026-46728 Vendor Advisory
Published: 16 May 2026 · Updated: 21 May 2026 · First seen: 17 May 2026