PatchSiren cyber security CVE debrief
CVE-2026-34875 Mbed TLS CVE debrief
A buffer overflow vulnerability was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. The issue occurs in the public key export for FFDH keys. This vulnerability has a CVSS score of 9.8 and is classified as CRITICAL.
- Vendor: Mbed TLS
- Product: Mbed TLS
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-01
- Original CVE updated: 2026-06-05
- Advisory published: 2026-04-01
- Advisory updated: 2026-06-05
Who should care
Users of Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0 should review their deployments and apply the upgrades listed under Recommended defensive actions.
Technical summary
The vulnerability is caused by a buffer overflow in the public key export for FFDH keys in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
high
Recommended defensive actions
- Upgrade to a version of Mbed TLS that is not vulnerable (e.g., Mbed TLS 3.6.6 or later).
- Upgrade to a version of TF-PSA-Crypto that is not vulnerable (e.g., TF-PSA-Crypto 1.1.0 or later).
Evidence notes
The vulnerability is documented in the CVE record [cve-org]. Detailed information can be found in the NVD entry [nvd].
Official resources
- CVE-2026-34875 CVE record (CVE.org)
- CVE-2026-34875 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-34875 was published on 2026-04-01T18:16:31.433Z and modified on 2026-06-05T19:40:20.693Z.