CWE-1326 – Missing Immutable Root of Trust in Hardware | Common Weakness Enumeration (CWE)

Overview

CWE-1326 (Missing Immutable Root of Trust in Hardware) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	Security Hardware	—	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2025-34503	2025-10-24	Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code tha…
CVE-2025-34502	2025-10-24	Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can mo…
CVE-2025-5834	2025-06-25	Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations…
CVE-2025-31929	2025-05-13	A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cab…
CVE-2025-2762	2025-04-23	CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCP…
CVE-2024-8357	2024-11-22	Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installa…
CVE-2024-30111	2024-06-28	HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauth…
CVE-2024-32742	2024-05-14	A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misus…
CVE-2022-38773	2023-01-10	Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical acce…

Content submission

Name: Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna
Organization: Intel Corporation
Date: 2020-04-25
Version: 4.3

Content modifications

Date	Name	Version	Importance	Comment
2021-10-28	CWE Content Team	4.6	—	updated Demonstrative_Examples
2022-04-28	CWE Content Team	4.7	—	updated Applicable_Platforms, Related_Attack_Patterns
2022-06-28	CWE Content Team	4.8	—	updated Applicable_Platforms, Modes_of_Introduction
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2023-10-26	CWE Content Team	4.13	—	updated Demonstrative_Examples, References
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities

Contributions

Type	Name	Date	Comment
Content	Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi	2023-06-21	suggested demonstrative example
Content	Rahul Kande, Chen Chen, Jeyavijayan Rajendran	2023-06-21	suggested demonstrative example