PT-2026-29820 · Arm · Mbed TLS
0Xiviel +3 · Published 2026-04-02 · Updated 2026-04-07 · CVE-2026-34877
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0
Description
Mbed TLS does not sufficiently protect serialized SSL context or session structures. An attacker who can modify these structures could cause memory corruption, potentially leading to arbitrary code execution. The weakness is classified as Incorrect Use of Privileged APIs.
Recommendations
Update to a version beyond 3.6.5.
Update to a version beyond 4.0.0.
Fix
Deserialization of Untrusted Data
Related Identifiers
Affected Products
Mbed TLS