CVE-2026-34876

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 3.0 through 3.6.5

Description An out-of-bounds read issue exists in the mbedtls ccm finish() function within the library/ccm.c file of Mbed TLS. This allows attackers to potentially obtain adjacent CCM context data by invoking the multipart CCM API with an oversized tag len parameter. The root cause is the lack of validation of the tag len parameter against the size of the internal 16-byte authentication buffer. The issue impacts the public multipart CCM API in Mbed TLS 3.x, where mbedtls ccm finish() can be directly called by applications.

Recommendations Update to Mbed TLS version 3.6.6 or later.