CVE-2026-25834
Received
Received - Intake
Algorithm Downgrade Vulnerability in Mbed TLS v
Publication date: 2026-04-01
Last updated on: 2026-04-06
Assigner: MITRE
Description
Description
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | mbed_tls | 4.0.0 |
| arm | mbed_tls | From 3.3.0 (inc) to 3.6.6 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25834 is a vulnerability in Mbed TLS versions 3.3.0 up to 3.6.5 and 4.0.0 that allows an Algorithm Downgrade attack.
How can this vulnerability impact me? :
An Algorithm Downgrade vulnerability can allow an attacker to force the use of weaker cryptographic algorithms during secure communications, potentially compromising the confidentiality and integrity of data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70