Home / Vulnerability Intelligence / CVE-2026-34873

CVE-2026-34873 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 2, 2026

Mbed TLS - Authentication Bypass

Published: April 1, 2026Updated: April 2, 2026Remote Exploitable

Overview

Mbed TLS 3.5.0 through 4.0.0 contains a client impersonation vulnerability caused by improper handling of TLS 1.3 session resumption, letting attackers impersonate clients during session resumption, exploit requires resuming a TLS 1.3 session.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can impersonate clients during TLS 1.3 session resumption, potentially leading to unauthorized access or data interception.

Mitigation

Update to a version later than 4.0.0 or the latest available version.

References

https://mbed-tls.readthedocs.io/en/latest/security-advisories/
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34873
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: new

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N