Cyber Resilience

CVE-2026-34875

Critical · Updated

Published: 01 April 2026

Modified: 05 June 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0037 (28.4th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-34875 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in TrustedFirmware Mbed TLS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34875 is a buffer overflow vulnerability (CWE-120) discovered in Mbed TLS versions through 3.6.5 and TF-PSA-Crypto 1.0.0. The issue arises during public key export for FFDH (Finite Field Diffie-Hellman) keys, where insufficient bounds checking can lead to a buffer overflow. It has been assigned a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), and unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

Unauthenticated remote attackers can exploit this vulnerability over the network without user interaction. Successful exploitation could allow arbitrary code execution, data corruption, or denial of service, depending on the context in which the affected components are deployed, such as in TLS/SSL implementations or cryptographic libraries used in embedded systems, servers, or IoT devices.

Mitigation details are provided in the official Mbed TLS security advisories, available at https://mbed-tls.readthedocs.io/en/latest/security-advisories/ and specifically https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/. Security practitioners should consult these for patch availability, upgrade instructions, and workarounds for vulnerable versions.

Vulnerability details

An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated buffer overflow in Mbed TLS (public-facing TLS/crypto library) directly enables exploitation of public-facing applications for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34876 · Same product: TrustedFirmware Mbed TLS
CVE-2026-34873 · Same product: TrustedFirmware Mbed TLS
CVE-2026-34874 · Same product: TrustedFirmware Mbed TLS
CVE-2026-25833 · Same product: TrustedFirmware Mbed TLS
CVE-2026-34877 · Same product: TrustedFirmware Mbed TLS
CVE-2026-25835 · Same product: TrustedFirmware Mbed TLS
CVE-2025-70314 · Shared CWE-120
CVE-2026-38426 · Shared CWE-120
CVE-2025-29329 · Shared CWE-120
CVE-2025-25567 · Shared CWE-120

Affected Assets

trustedfirmware / mbed tls: 3.5.0 — 3.6.6
trustedfirmware / tf-psa-crypto: ≤ 1.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires timely identification, reporting, prioritization, and correction of flaws like the buffer overflow in Mbed TLS public key export for FFDH keys.

prevent: Implements memory protections such as address space layout randomization, non-executable stacks, and canaries that mitigate exploitation of buffer overflows.

detect: Enables vulnerability scanning to identify systems using vulnerable versions of Mbed TLS or TF-PSA-Crypto affected by this CVE.
