9.1

CVE-2026-34872

EPSS 0.02%
Veröffentlicht 01.04.2026 00:00:00
Zuletzt bearbeitet 03.04.2026 20:02:33
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Mbed Tls Version < 3.6.6

Arm ≫ Tf-psa-crypto Version1.0.0 Update-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

Vendor Advisory

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-34872

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34872

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34872

EUVD