CVE-2026-34877 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 2, 2026
Mbed TLS - Remote Code Execution
Published: April 2, 2026Updated: April 2, 2026Remote Exploitable
Overview
Mbed TLS 2.19.0 to 3.6.5 and 4.0.0 contain a remote code execution caused by insufficient protection of serialized SSL context or session structures due to incorrect use of privileged APIs, letting attackers induce memory corruption by modifying serialized structures, exploit requires ability to modify serialized structures.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can induce memory corruption and execute arbitrary code remotely by modifying serialized SSL context or session structures.
Mitigation
Update to the latest version beyond 4.0.0.
References
Related Resources
Details
- CVE ID
- CVE-2026-34877
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- new
CWE
- CWE-250
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H