PatchSiren cyber security CVE debrief
CVE-2026-34874 Trustedfirmware CVE debrief
CVE-2026-34874 is a HIGH severity vulnerability in Mbed TLS, a cryptographic library developed by Trustedfirmware. The vulnerability, discovered through [source-item], allows an attacker to write to address 0 via distinguished name parsing, potentially leading to a crash or other unspecified impact. The vulnerability has a CVSS score of 7.5 and is classified as CWE-476: NULL Pointer Dereference.
- Vendor: Trustedfirmware
- Product: Mbed TLS
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-01
- Original CVE updated: 2026-06-05
- Advisory published: 2026-04-01
- Advisory updated: 2026-06-05
Who should care
Users of Mbed TLS versions 3.5.0 through 3.6.5 and 4.0.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is a NULL pointer dereference (CWE-476) in distinguished name parsing. While parsing a distinguished name, the library can write to address 0, which can lead to a crash or other unspecified impact.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Mbed TLS version 3.6.6 or later
- Upgrade to Mbed TLS version 4.0.1 or later
- Refer to [ref-4] and [ref-5] for vendor advisories and mitigation guidance
Evidence notes
Evidence for this CVE comes from [nvd] and [cve-org].
Official resources
- CVE-2026-34874 CVE record: CVE.org
- CVE-2026-34874 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-34874 was published on 2026-04-01 and last modified on 2026-06-05.