CVE-2026-25834Improper Certificate Validation in ARM Mbed TLS

CWE-295Improper Certificate ValidationCWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-358Improperly Implemented Security Check for Standard9 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 94.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ARM Mbed TLS
Timeline
PublishedApr 1
Latest updateApr 2

Description

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDarm/mbed_tls3.3.03.6.6+1

🔴Vulnerability Details

4
OSV
CVE-2026-25834: (Mbed TLS v32026-04-02
CVEList
CVE-2026-25834: Mbed TLS v32026-04-01
OSV
CVE-2026-25834: Mbed TLS v32026-04-01
GHSA
GHSA-8j6f-944f-8jmj: Mbed TLS v32026-04-01

📋Vendor Advisories

2
Red Hat
mbedtls: Mbed TLS: Algorithm downgrade vulnerability2026-04-01
Debian
CVE-2026-25834: mbedtls - Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-25834 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-25834 micropython: Mbed TLS: Algorithm downgrade vulnerability [fedora-all]2026-04-02
CVE-2026-25834 — Improper Certificate Validation in ARM | cvebase