Cyber Posture

CVE-2026-34874

High

Published: 01 April 2026

Published
01 April 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0008 23.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34874 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Arm Mbed Tls. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the NULL pointer dereference in Mbed TLS by identifying, reporting, prioritizing, and applying patches to vulnerable versions.

RA-5 Vulnerability Monitoring and Scanning good match
detect

Enables proactive detection of systems using vulnerable Mbed TLS versions through vulnerability scanning for CVE-2026-34874.

SI-5 Security Alerts, Advisories, and Directives partial match
detect

Provides timely awareness of Mbed TLS security advisories for this NULL pointer dereference, enabling rapid flaw remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

NULL pointer dereference in X.509 parsing enables remote unauthenticated exploitation causing application crash and denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

Deeper analysisAI

CVE-2026-34874 is a NULL pointer dereference vulnerability in Mbed TLS versions through 3.6.5 and 4.x through 4.0.0. The flaw occurs during distinguished name parsing, enabling an attacker to trigger a write to address 0. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-476 (NULL Pointer Dereference). The vulnerability was published on 2026-04-01T19:16:33.390.

A remote, unauthenticated attacker can exploit this over the network with low attack complexity and no user interaction. Exploitation results in high availability impact with no confidentiality or integrity effects, typically manifesting as a denial-of-service via process crash in applications using the affected Mbed TLS library for X.509 parsing.

The Mbed TLS security advisories provide mitigation guidance, available at https://mbed-tls.readthedocs.io/en/latest/security-advisories/ and specifically at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-null-pointer-dereference-x509/.

Details

CWE(s)
CWE-476

Affected Products

arm
mbed tls
4.0.0 · 3.5.0 — 3.6.6

CVEs Like This One

CVE-2026-25833Same product: Arm Mbed Tls
CVE-2026-34873Same product: Arm Mbed Tls
CVE-2026-34877Same product: Arm Mbed Tls
CVE-2025-47917Same product: Arm Mbed Tls
CVE-2026-34876Same product: Arm Mbed Tls
CVE-2026-25835Same product: Arm Mbed Tls
CVE-2026-34872Same product: Arm Mbed Tls
CVE-2026-34875Same product: Arm Mbed Tls
CVE-2026-4652Shared CWE-476
CVE-2026-33282Shared CWE-476

References