CRITICALCVE-2026-34877Published 2026-04-02Modified 2026-04-02CNA mitre

CVE-2026-34877: An issue was discovered in Mbed TLS versions from 2

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is caused by Incorrect Use of Privileged APIs.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

mbed-tls.readthedocs.io
mbed-tls.readthedocs.io

Metrics