CVE-2026-34872
Contributory Behavior Flaw in Mbed TLS FFDH Enables MITM Attack
Publication date: 2026-04-01
Last updated on: 2026-04-03
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | mbed_tls | to 3.6.6 (exc) |
| arm | tf-psa-crypto | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34872 is a vulnerability in Mbed TLS related to the Finite Field Diffie-Hellman (FFDH) key exchange. It occurs due to improper input validation, which causes a lack of contributory behavior in the FFDH implementation. This means that during the cryptographic key exchange, the other party can force the shared secret into a small set of values, weakening the security of the protocol.
This issue affects Mbed TLS versions 3.5.x and 3.6.x through 3.6.5, as well as TF-PSA-Crypto 1.0. The attack can be carried out by the peer or, depending on the protocol, by an active network attacker such as a man-in-the-middle.
How can this vulnerability impact me? :
This vulnerability can undermine the security guarantees of protocols that depend on contributory behavior in the Finite Field Diffie-Hellman key exchange. An attacker can force the shared secret into a limited set of values, potentially allowing them to predict or influence cryptographic keys.
Such an attack could be performed by a peer or an active network attacker (man-in-the-middle), which could lead to compromised confidentiality and integrity of communications relying on the affected cryptographic implementation.
However, it is noted that this issue does not affect TLS protocols, which do not depend on contributory behavior in this context.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability arises from improper input validation in the Finite Field Diffie-Hellman (FFDH) implementation in affected versions of Mbed TLS and TF-PSA-Crypto.
Immediate mitigation steps would typically include updating to a fixed version of the affected libraries once available, or applying any patches or workarounds provided by the vendor.
Since specific fixes or workarounds are not detailed in the provided resources, it is recommended to monitor official Mbed TLS security advisories and update your cryptographic libraries accordingly to ensure the vulnerability is addressed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the vulnerability in Mbed TLS related to Finite Field Diffie-Hellman (FFDH) affects compliance with common standards and regulations such as GDPR or HIPAA.