CWE-1326: Missing Immutable Root of Trust in Hardware
low-riskA missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
Abstraction: Base
Common Consequences
Authentication
→
Gain Privileges or Assume Identity
Detection Methods
Automated Dynamic Analysis
Automated testing can verify that RoT components are immutable.
Architecture or Design Review
Root of trust elements and memory should be part of architecture and design reviews.
Real-World Examples (7)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-30111 | 3.3 | 0.4% | — |
| CVE-2022-38773 | 4.6 | 0.2% | — |
| CVE-2024-32742 | 7.6 | 0.1% | — |
| CVE-2025-31929 | 4.2 | 0.1% | — |
| CVE-2025-2762 | 7.8 | 0.1% | — |
| CVE-2025-5834 | 7.8 | 0.0% | — |
| CVE-2024-8357 | 7.8 | 0.0% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal