PatchSiren cyber security CVE debrief
CVE-2026-34871 Arm CVE debrief
CVE-2026-34871 is a MEDIUM severity vulnerability in Mbed TLS and TF-PSA-Crypto, with a CVSS score of 6.7. An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
- Vendor
- Arm
- Product
- Mbed TLS
- CVSS
- MEDIUM 6.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-01
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-04-01
- Advisory updated
- 2026-06-05
Who should care
Users of Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0 should be aware of this vulnerability.
Technical summary
The vulnerability is caused by a predictable seed in a Pseudo-Random Number Generator (PRNG) in Mbed TLS and TF-PSA-Crypto.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade Mbed TLS to version 3.6.6 or later, or 4.1.0 or later.
- Upgrade TF-PSA-Crypto to version 1.1.0 or later.
- Refer to [ref-4](https://mbed-tls.readthedocs.io/en/latest/security-advisories/) and [ref-5](https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/) for vendor advis
Evidence notes
The vulnerability was published on 2026-04-01 and modified on 2026-06-05.
Official resources
-
CVE-2026-34871 CVE record
CVE.org
-
CVE-2026-34871 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-34871 was published on 2026-04-01T19:16:33.267Z and modified on 2026-06-05T19:40:20.693Z.