CVE-2026-34872
Published: 01 April 2026
Summary
CVE-2026-34872 is a critical-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Arm Mbed Tls. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Reduce Key Space (T1600.001); ranked at the 4.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely flaw remediation, including patching vulnerable Mbed TLS versions to fix improper FFDH input validation.
Ensures cryptographic keys are established and managed using approved methods with peer validation in Diffie-Hellman exchanges to maintain contributory behavior.
Requires validation of information inputs to cryptographic functions, such as FFDH peer public keys, to block invalid inputs that force weak shared secrets.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability directly enables reduction of the effective key space by allowing an attacker to force the FFDH shared secret into a small, predictable set of values during key exchange.
NVD Description
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret…
more
into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Deeper analysisAI
CVE-2026-34872 affects Mbed TLS versions 3.5.x and 3.6.x through 3.6.5, as well as TF-PSA-Crypto 1.0. The vulnerability arises from improper input validation in finite-field Diffie-Hellman (FFDH), resulting in a lack of contributory behavior. This allows the other party to force the shared secret into a small set of values during key exchange, undermining security properties that depend on each party contributing unpredictably to the secret (CWE-347). The issue has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
An attacker acting as the peer in an FFDH key exchange can exploit this remotely with low complexity and no privileges required. Depending on the protocol, an active network attacker performing a man-in-the-middle interception may also carry out the attack. Successful exploitation forces the shared secret into a predictable small set, enabling high confidentiality and integrity impacts for affected protocols. TLS is explicitly unaffected, as it does not rely on contributory behavior.
Mitigation guidance is detailed in the Mbed TLS security advisories, accessible at https://mbed-tls.readthedocs.io/en/latest/security-advisories/ and the FFDH peer key checks advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/.
Details
- CWE(s)