Out-of-bounds read in mbed TLS - CVE-2026-34876

 


Published: April 2, 2026


Vulnerability identifier: #VU124810
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-34876
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ARM
Affected software:
mbed TLS

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper input validation in the CCM implementation (library/ccm.c) when processing the tag_len parameter in mbedtls_ccm_finish(). A remote attacker can send a specially crafted request with an oversized tag_len value to trigger an out-of-bounds read and disclose adjacent memory within the CCM context structure.

Exploitation requires the ability to invoke the multipart CCM API with controlled parameters. The vulnerability does not permit memory modification or direct code execution.
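A caller-side check on the tag_len value described above, as an added example that is not part of the original advisory or of mbed TLS. The adapter type, the error value and the stub are assumptions made for illustration; the permitted lengths are the ones CCM defines (4 to 16 bytes, even values only), with 0 additionally allowed by the CCM* variant.

```c
#include <stddef.h>
#include <string.h>

/* Placeholder error value for this example, not an mbed TLS constant. */
#define CCM_GUARD_ERR_BAD_TAG_LEN (-1)

/* Hypothetical adapter type with the argument order of mbedtls_ccm_finish();
 * in a real build a thin wrapper around the library call would be passed. */
typedef int (*ccm_finish_fn)(void *ctx, unsigned char *tag, size_t tag_len);

/* CCM permits tag lengths 4, 6, 8, 10, 12, 14 and 16 only.
 * CCM* additionally allows 0; set allow_zero for that mode. */
int ccm_tag_len_ok(size_t tag_len, int allow_zero)
{
    if (tag_len == 0)
        return allow_zero != 0;
    return tag_len >= 4 && tag_len <= 16 && (tag_len % 2) == 0;
}

/* Reject an invalid or oversized tag_len before the library sees it. */
int ccm_finish_checked(ccm_finish_fn finish, void *ctx,
                       unsigned char *tag, size_t tag_buf_size,
                       size_t tag_len, int allow_zero)
{
    if (finish == NULL || (tag == NULL && tag_len != 0))
        return CCM_GUARD_ERR_BAD_TAG_LEN;
    if (!ccm_tag_len_ok(tag_len, allow_zero) || tag_len > tag_buf_size)
        return CCM_GUARD_ERR_BAD_TAG_LEN;
    return finish(ctx, tag, tag_len);
}

/* Constructed stand-in for the real finish call: counts how often it runs. */
static int stub_calls;
static int stub_finish(void *ctx, unsigned char *tag, size_t tag_len)
{
    (void)ctx;
    memset(tag, 0xAA, tag_len);
    stub_calls++;
    return 0;
}

int main(void)
{
    unsigned char tag[16];
    /* 16 passes through; 64 (constructed oversized value) is rejected. */
    int ok  = ccm_finish_checked(stub_finish, NULL, tag, sizeof tag, 16, 0);
    int bad = ccm_finish_checked(stub_finish, NULL, tag, sizeof tag, 64, 0);
    return (ok == 0 && bad == CCM_GUARD_ERR_BAD_TAG_LEN && stub_calls == 1) ? 0 : 1;
}
```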


How to mitigate CVE-2026-34876

Install the security update from the vendor's website.
