Cyber Resilience

CVE-2026-34873

CriticalUpdated

Published: 01 April 2026

Published
01 April 2026
Modified
05 June 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0024 15.0th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-34873 is a critical-severity Improper Authentication (CWE-287) vulnerability in Trustedfirmware Mbed Tls. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34873 is a vulnerability discovered in Mbed TLS versions 3.5.0 through 4.0.0 that enables client impersonation during the resumption of a TLS 1.3 session. Published on 2026-04-01, it is classified under CWE-287 (Improper Authentication) and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to its potential for high confidentiality and integrity impacts.

Remote attackers can exploit this issue without privileges or user interaction, as it requires only network access and low attack complexity. By impersonating a legitimate client during TLS 1.3 session resumption, adversaries can achieve unauthorized access to sensitive data or manipulate communications, compromising both confidentiality and integrity while leaving availability unaffected.

Mitigation details are provided in the official Mbed TLS security advisories, accessible at https://mbed-tls.readthedocs.io/en/latest/security-advisories/ and the specific advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/. Security practitioners should consult these for patching instructions and workarounds applicable to affected versions.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables remote exploitation of improper authentication in a TLS library (Mbed TLS) to impersonate clients during TLS 1.3 session resumption, directly facilitating unauthorized access via network exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34876Same product: Trustedfirmware Mbed Tls
CVE-2026-34874Same product: Trustedfirmware Mbed Tls
CVE-2026-25833Same product: Trustedfirmware Mbed Tls
CVE-2026-34875Same product: Trustedfirmware Mbed Tls
CVE-2026-34877Same product: Trustedfirmware Mbed Tls
CVE-2025-1044Shared CWE-287
CVE-2026-1740Shared CWE-287
CVE-2026-7022Shared CWE-287
CVE-2024-13111Shared CWE-287
CVE-2026-29145Shared CWE-287

Affected Assets

trustedfirmware
mbed tls
3.5.0 — 3.6.6 · 4.0.0 — 4.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely identification, reporting, and correction of flaws like CVE-2026-34873 in Mbed TLS to prevent client impersonation during TLS 1.3 session resumption.

prevent

Mandates protection of communications session authenticity, directly countering the improper authentication vulnerability enabling client impersonation in TLS 1.3 resumption.

prevent

Requires implementation of cryptographic mechanisms to protect transmission confidentiality and integrity, addressing flaws in TLS libraries like Mbed TLS through proper selection and updates.

References