PT-2026-29589 · Arm · Mbed Tls+1

0Xiviel

Published

2026-04-01

Updated

2026-05-07

CVE-2026-34872

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 3.5.x and 3.6.x through 3.6.5 TF-PSA-Crypto version 1.0

Description A flaw exists due to improper input validation in Finite-Field Diffie-Hellman (FFDH), leading to a lack of contributory behavior. An attacker can manipulate the shared secret to a limited set of values. This is a concern for protocols relying on contributory behavior. The attack can be initiated by the peer or an active network attacker.

Recommendations Update Mbed TLS to a version later than 3.6.5. Update TF-PSA-Crypto to a version later than 1.0.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2026-34872

ECHO-8E44-1E55-58A6

JLSEC-2026-466

OPENSUSE-SU-2026:10498-1

Affected Products

Mbed Tls

Tf-Psa-Crypto

PT-2026-29589 · Arm · Mbed Tls+1

CVE-2026-34872

Weakness Enumeration

Related Identifiers

Affected Products

References · 23