CWE-1326: Missing Immutable Root of Trust in Hardware
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
Last updated
Overview
A System-on-Chip (SoC) implements secure boot by verifying or authenticating signed boot code. The signing of the code is achieved by an entity that the SoC trusts. Before executing the boot code, the SoC verifies that the code or the public key with which the code has been signed has not been tampered with. The other data upon which the SoC depends are system-hardware settings in fuses such as whether "Secure Boot is enabled". These data play a crucial role in establishing a Root of Trust (RoT) to execute secure-boot flows. One of the many ways RoT is achieved is by storing the code and data in memory or fuses. This memory should be immutable, i.e., once the RoT is programmed/provisioned in memory, that memory should be locked and prevented from further programming or writes. If the memory contents (i.e., RoT) are mutable, then an adversary can modify the RoT to execute their choice of code, resulting in a compromised secure boot. Note that, for components like ROM, secure patching/update features should be supported to allow authenticated and authorized updates in the field.
Real-world CVEs
8 recorded CVEs are caused by CWE-1326 (Missing Immutable Root of Trust in Hardware). The highest-severity and most recent are shown first. 0 new CWE-1326 CVEs have been recorded so far in 2026 (4 in 2025).
- CVE-2025-5834
Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
High · CVSS 7.8 · EPSS 15th2025-06-25 - CVE-2025-2762
CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
High · CVSS 7.8 · EPSS 7th2025-04-23 - CVE-2024-8357High · CVSS 7.8 · EPSS 24th2024-11-22
- CVE-2024-32742High · CVSS 7.6 · EPSS 32th2024-05-14
- CVE-2024-30111High · CVSS 7.5 · EPSS 24th2024-06-28
- CVE-2025-34502
Shuffle Master Deck Mate 2 Missing Secure Boot
High · CVSS 7.0 · EPSS 10th2025-10-24 - CVE-2022-38773Medium · CVSS 6.8 · EPSS 21th2023-01-10
- CVE-2025-31929Medium · CVSS 4.1 · EPSS 6th2025-05-13
Common consequences
What can happen when CWE-1326 is exploited.
Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Modify Memory
Affects: Authentication, Authorization
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1326, grouped by where in the lifecycle they apply.
When architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes.
During implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes.
How to detect it
Automated Dynamic Analysis
Automated testing can verify that RoT components are immutable.
Effectiveness: High
Architecture or Design Review
Root of trust elements and memory should be part of architecture and design reviews.
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
The RoT is stored in memory. This memory can be modified by an adversary. For example, if an SoC implements "Secure Boot" by storing the boot code in an off-chip/on-chip flash, the contents of the flash can be modified by using a flash programmer. Similarly, if the boot code is stored in ROM (Read-Only Memory) but the public key or the hash of the public key (used to enable "Secure Boot") is stored in Flash or a memory that is susceptible to modifications or writes, the implementation is vulnerable.
The example code below is a snippet from the bootrom of the HACK@DAC'19 buggy OpenPiton SoC [REF-1348]. The contents of the bootrom are critical in implementing the hardware root of trust.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1326.
- What is CWE-1326?
- A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
- What CVEs are caused by CWE-1326?
- 8 recorded CVEs are attributed to CWE-1326, including CVE-2025-5834, CVE-2025-2762, CVE-2024-8357.
- How do you prevent CWE-1326?
- When architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes.
- How is CWE-1326 detected?
- Automated Dynamic Analysis: Automated testing can verify that RoT components are immutable.
- What are the consequences of CWE-1326?
- Exploiting CWE-1326 can lead to: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Modify Memory.
- Is CWE-1326 actively exploited?
- 8 recorded CVEs are caused by CWE-1326; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1326) (opens in a new tab)
- CWE-1326 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1326
Get alerted the moment a new CWE-1326 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.