Cyber Resilience

CVE-2026-34872

Critical

Published: 01 April 2026

Published
01 April 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0020 10.4th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-34872 is a critical-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Arm Mbed Tls. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Reduce Key Space (T1600.001); ranked at the 10.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34872 affects Mbed TLS versions 3.5.x and 3.6.x through 3.6.5, as well as TF-PSA-Crypto 1.0. The vulnerability arises from improper input validation in finite-field Diffie-Hellman (FFDH), resulting in a lack of contributory behavior. This allows the other party to force the shared secret into a small set of values during key exchange, undermining security properties that depend on each party contributing unpredictably to the secret (CWE-347). The issue has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

An attacker acting as the peer in an FFDH key exchange can exploit this remotely with low complexity and no privileges required. Depending on the protocol, an active network attacker performing a man-in-the-middle interception may also carry out the attack. Successful exploitation forces the shared secret into a predictable small set, enabling high confidentiality and integrity impacts for affected protocols. TLS is explicitly unaffected, as it does not rely on contributory behavior.

Mitigation guidance is detailed in the Mbed TLS security advisories, accessible at https://mbed-tls.readthedocs.io/en/latest/security-advisories/ and the FFDH peer key checks advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret…

more

into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1600.001 Reduce Key Space Defense Impairment
Adversaries may reduce the level of effort required to decrypt data transmitted over the network by reducing the cipher strength of encrypted communications.
Why these techniques?

The vulnerability directly enables reduction of the effective key space by allowing an attacker to force the FFDH shared secret into a small, predictable set of values during key exchange.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-47917Same product: Arm Mbed Tls
CVE-2026-25835Same product: Arm Mbed Tls
CVE-2025-0647Same vendor: Arm
CVE-2024-11864Same vendor: Arm
CVE-2025-0015Same vendor: Arm
CVE-2026-34877Same product: Arm Mbed Tls
CVE-2026-45575Shared CWE-347
CVE-2024-13172Shared CWE-347
CVE-2026-4600Shared CWE-347
CVE-2026-23992Shared CWE-347

Affected Assets

arm
mbed tls
≤ 3.6.6
arm
tf-psa-crypto
1.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely flaw remediation, including patching vulnerable Mbed TLS versions to fix improper FFDH input validation.

prevent

Ensures cryptographic keys are established and managed using approved methods with peer validation in Diffie-Hellman exchanges to maintain contributory behavior.

prevent

Requires validation of information inputs to cryptographic functions, such as FFDH peer public keys, to block invalid inputs that force weak shared secrets.

References