CVE-2026-34872 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 1, 2026
Mbed TLS - Weak Cryptography
Overview
Mbed TLS 3.5.x, 3.6.x through 3.6.5, and TF-PSA-Crypto 1.0 contain a lack of contributory behavior vulnerability caused by improper input validation in finite-field Diffie-Hellman, letting peers or active network attackers force shared secrets into a small set of values, exploit requires interaction with the protocol.
Severity & Score
Impact
Attackers can force shared secrets into limited values, weakening cryptographic security and potentially enabling man-in-the-middle attacks.
Mitigation
Update to the latest version of Mbed TLS and TF-PSA-Crypto.
References
Social Media Activity(2 posts)
š“ CVE-2026-34872 - Critical (9.1) An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared sec... š https://www.thehackerwire.com/vulnerability/CVE-2026-34872/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-34872 - Critical (9.1) An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared sec... š https://www.thehackerwire.com/vulnerability/CVE-2026-34872/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-34872
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- weak_cryptography
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-347
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N