On May 18, 2026, cybersecurity researchers from a consortium of universities disclosed a new variant of the Spectre vulnerability, designated CVE-2026-12345. This flaw affects speculative execution in modern processors from Intel, AMD, and ARM, potentially allowing attackers to access sensitive data such as passwords and encryption keys.
The vulnerability was discovered by a team at the University of Michigan and confirmed by independent researchers at TU Graz. According to their report, the attack exploits a previously unknown side channel in the CPU's branch prediction unit, bypassing existing mitigations like Retpoline and hardware fixes from 2018.
Intel and AMD have released microcode updates as of May 15, 2026, to address the issue. Users are advised to apply these patches immediately. The researchers note that the performance impact of the fix is minimal, around 2-5% on average workloads.
This discovery underscores the ongoing challenge of securing speculative execution, a technique used to improve CPU performance. The full technical details will be presented at the USENIX Security Symposium in August 2026.
