CVE-2026-34873Improper Authentication in ARM Mbed TLS

CWE-287Improper AuthenticationCWE-290Authentication Bypass by Spoofing19 documents8 sources
Severity
9.1CRITICALNVD
EPSS
0.0%
top 89.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ARM Mbed TLS
Timeline
PublishedApr 1
Latest updateApr 2

Description

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDarm/mbed_tls3.5.03.6.6+1

🔴Vulnerability Details

3
OSV
CVE-2026-34873: An issue was discovered in Mbed TLS 32026-04-01
GHSA
GHSA-q24g-gcpv-7264: An issue was discovered in Mbed TLS 32026-04-01
CVEList
CVE-2026-34873: An issue was discovered in Mbed TLS 32026-04-01

📋Vendor Advisories

2
Red Hat
mbedtls: Mbed TLS: Client impersonation during TLS 1.3 session resumption2026-04-01
Debian
CVE-2026-34873: mbedtls - An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation ca...2026

🕵️Threat Intelligence

11
Wiz
CVE-2026-34873 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-34871 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-25835 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-34876 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-25833 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2026-34873 micropython: Mbed TLS: Client impersonation during TLS 1.3 session resumption [fedora-all]2026-04-02
Bugzilla
CVE-2026-34873 mbedtls: Mbed TLS: Client impersonation during TLS 1.3 session resumption [fedora-all]2026-04-02
CVE-2026-34873 — Improper Authentication in ARM | cvebase