CVE-2026-34876
Published: 02 April 2026
Summary
CVE-2026-34876 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Arm Mbed TLS. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly addresses this CVE by requiring timely patching of vulnerable Mbed TLS versions to 3.6.6 or later, which validates tag_len.
Information input validation requires applications to check the tag_len parameter before invoking mbedtls_ccm_finish(), mitigating oversized inputs that trigger the out-of-bounds read.
Memory protection mechanisms such as address space layout randomization and non-executable memory help contain the impact of the out-of-bounds read in the CCM context buffer.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remotely exploitable out-of-bounds read in Mbed TLS (triggerable via multipart CCM API with no auth or interaction) directly enables exploitation of public-facing applications for high-impact data disclosure.
NVD Description
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Deeper analysis
CVE-2026-34876 is an out-of-bounds read vulnerability in the mbedtls_ccm_finish() function within library/ccm.c of Mbed TLS 3.x versions before 3.6.6. The flaw arises from a missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer, allowing attackers to access adjacent CCM context data when invoking the public multipart CCM API with an oversized tag_len. The issue also exists internally in Mbed TLS 4.x versions prior to their respective fixes, though it is not exposed via the public API in those versions. Exploitation specifically requires application-level use of the multipart CCM API.
Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction, as indicated by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). By supplying an oversized tag_len to mbedtls_ccm_finish(), attackers can trigger the out-of-bounds read (CWE-125), potentially disclosing sensitive adjacent data from the CCM context, leading to high confidentiality impact without affecting integrity or availability.
The Mbed TLS security advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ccm-finish-boundary-check/ and related updates at https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ detail mitigation through upgrading to Mbed TLS 3.6.6 or later for the 3.x series, which includes validation of the tag_len parameter. Applications using the multipart CCM API should validate inputs and update libraries promptly to prevent exploitation.
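The following is an added illustration, not code from Mbed TLS or from this advisory. It models the class of defect described above (a finish step that copies tag_len bytes out of a 16-byte authentication field without comparing tag_len to that size) beside the hardened form that rejects any length outside the CCM tag set. The context layout, the names model_ccm_ctx, model_ccm_finish_unchecked, model_ccm_finish_checked, ccm_tag_len_is_valid and MODEL_ERR_BAD_INPUT, and the sample byte patterns are all constructed for this example; the real library structure is not shown on the page, and the same check belongs in application code before any call to mbedtls_ccm_finish() on an unpatched 3.x build.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a CCM working context (not the Mbed TLS layout).
 * Only the 16-byte authentication field matters here; the trailing member
 * stands in for whatever state sits after that buffer in a real structure. */
#define CCM_AUTH_FIELD_LEN 16

typedef struct {
    unsigned char y[CCM_AUTH_FIELD_LEN]; /* computed authentication tag (CBC-MAC) */
    unsigned char adjacent_state[32];    /* other context data: must never reach the caller */
} model_ccm_ctx;

#define MODEL_OK             0
#define MODEL_ERR_BAD_INPUT -1  /* plays the role of the library's bad-input error */

/* Pre-fix shape of the finish step: copies tag_len bytes of the tag without
 * comparing tag_len to the buffer size. With tag_len > 16 the memcpy runs
 * past y[] into adjacent_state[], which is the CWE-125 read the advisory
 * describes. Kept only for comparison; never called with oversized input here. */
int model_ccm_finish_unchecked(const model_ccm_ctx *ctx,
                               unsigned char *tag, size_t tag_len)
{
    memcpy(tag, ctx->y, tag_len);
    return MODEL_OK;
}

/* Accepts exactly the tag lengths CCM defines (RFC 3610: 4, 6, ..., 16).
 * Assumption: the application does not use CCM* with a zero-length tag;
 * a caller that does would add 0 to this set. */
int ccm_tag_len_is_valid(size_t tag_len)
{
    return tag_len >= 4 && tag_len <= CCM_AUTH_FIELD_LEN && (tag_len % 2) == 0;
}

/* Hardened finish step: refuses any tag_len that could read beyond y[].
 * Placed in application code before mbedtls_ccm_finish(), this is the
 * input-validation control (SI-10) named in the mitigations above. */
int model_ccm_finish_checked(const model_ccm_ctx *ctx,
                             unsigned char *tag, size_t tag_len)
{
    if (tag == NULL || !ccm_tag_len_is_valid(tag_len)) {
        return MODEL_ERR_BAD_INPUT;
    }
    return model_ccm_finish_unchecked(ctx, tag, tag_len);
}

/* Demonstration helper: fills a context with recognisable constructed bytes,
 * runs the checked finish, and reports whether any output byte came from
 * adjacent_state (1) or not (0); returns -1 when the call was rejected. */
int checked_finish_leaks_adjacent_state(size_t tag_len)
{
    model_ccm_ctx ctx;
    unsigned char out[64];
    memset(ctx.y, 0xAA, sizeof ctx.y);                         /* tag bytes */
    memset(ctx.adjacent_state, 0x5C, sizeof ctx.adjacent_state); /* must stay private */
    memset(out, 0, sizeof out);
    if (model_ccm_finish_checked(&ctx, out, tag_len) != MODEL_OK) {
        return -1;
    }
    for (size_t i = 0; i < tag_len; i++) {
        if (out[i] == 0x5C) {
            return 1;
        }
    }
    return 0;
}
```

The validation function is the part worth lifting into an application: it rejects both the oversized values the advisory describes and odd or undersized lengths that CCM does not define, so a caller that wraps every mbedtls_ccm_finish() invocation with it is protected even on a build that has not yet moved to 3.6.6.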
Details
- CWE(s)