CVE-2026-34876
Analyzed Analyzed - Analysis Complete
Out-of-Bounds Read in Mbed TLS CCM API Exposes Sensitive Data

Publication date: 2026-04-02

Last updated on: 2026-06-05

Assigner: MITRE

Description
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-06-05
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34876
EUVD
EUVD-2026-18356
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trustedfirmware mbed_tls From 3.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34876 is a vulnerability in Mbed TLS versions 3.x before 3.6.6 involving an out-of-bounds read in the function mbedtls_ccm_finish(). This occurs because the tag_len parameter is not properly validated against the size of the internal 16-byte authentication buffer during the multipart CCM API operation. As a result, attackers can read adjacent CCM context data by invoking the multipart CCM API with an oversized tag_len parameter.

Additionally, in Mbed TLS 4.x versions prior to the fix, the same missing validation exists internally, but the vulnerable function is not exposed via the public API.

This vulnerability allows attackers to bypass the integrity check of the final authentication tag in CCM mode, potentially accepting forged or tampered data without detection.

Impact Analysis

This vulnerability can impact you by allowing attackers to bypass the integrity verification of data processed using the CCM multipart API in affected Mbed TLS versions. This means that forged or tampered data could be accepted as valid, compromising the integrity and security of your data.

Exploitation requires that the application directly invokes the multipart CCM API with an oversized tag_len parameter, which could lead to unauthorized access to adjacent sensitive data in memory.

Mitigation Strategies

To mitigate this vulnerability, you should update Mbed TLS to version 3.6.6 or later, where the missing validation of the tag_len parameter in the multipart CCM API has been fixed.

If updating immediately is not possible, avoid using the multipart CCM API with untrusted or oversized tag_len parameters to prevent exploitation.

Compliance Impact

The vulnerability in Mbed TLS allows attackers to bypass the integrity check of the CCM authentication tag, potentially leading to acceptance of forged or tampered data without detection. This compromises data integrity and security.

Since data integrity and security are critical requirements under common standards and regulations such as GDPR and HIPAA, this vulnerability could negatively impact compliance by exposing protected data to unauthorized modification or forgery.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34876. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart