CVE-2026-34872

ADVISORY - nist

Summary

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).

EPSS Score⁠: 0.00018 (0.049)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

2 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2026-34872⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-347⁠

CVSS SCORE

9.1critical

Debian

CREATED

2 months ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-34872⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDCVE-2026-34872⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2026-34872⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1287⁠

CVSS SCORE

7.5high

CVE-2026-34872

Summary

Common Weakness Enumeration (CWE)

CWE-347⁠

CWE-1287⁠

Advisories

NIST

CVSS SCORE

Debian

Ubuntu

CVSS SCORE

Red Hat

CVSS SCORE