CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-45702

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE request from the normal world. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with `CFG_CORE_SEL1_SPMC=y` and `CFG_SECURE_PARTITION=y`. Version 4.11.0 fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.6%

CVSS Severity

CVSS v3 Score 4.4

References

https://github.com/OP-TEE/optee_os/security/advisories/GHSA-86pj-8xgw-66p5

Products affected by CVE-2026-45702

Linaro » Op-Tee » Version: 4.10.0

cpe:2.3:o:linaro:op-tee:4.10.0
Linaro » Op-Tee » Version: 4.3.0

cpe:2.3:o:linaro:op-tee:4.3.0
Linaro » Op-Tee » Version: 4.4.0

cpe:2.3:o:linaro:op-tee:4.4.0
Linaro » Op-Tee » Version: 4.5.0

cpe:2.3:o:linaro:op-tee:4.5.0
Linaro » Op-Tee » Version: 4.6.0

cpe:2.3:o:linaro:op-tee:4.6.0
Linaro » Op-Tee » Version: 4.7.0

cpe:2.3:o:linaro:op-tee:4.7.0
Linaro » Op-Tee » Version: 4.8.0

cpe:2.3:o:linaro:op-tee:4.8.0
Linaro » Op-Tee » Version: 4.9.0

cpe:2.3:o:linaro:op-tee:4.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-45702

Products

Pricing

Contact Us