
CVE-2026-1677: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') in zephyrproject-rtos Zephyr

Medium
Vulnerability | CVE-2026-1677 | cve | cve-2026-1677
Published: Mon May 11 2026 (05/11/2026, 05:52:12 UTC)
Source: CVE Database V5
Vendor/Project: zephyrproject-rtos
Product: Zephyr

Description

Zephyr sockets created with the IPPROTO_TLS_1_3 option can still negotiate a TLS 1.2 connection if both TLS 1.2 and TLS 1.3 are enabled, due to the socket-level protocol selection not being properly propagated to mbedTLS. This allows a peer to establish a TLS 1.2 connection even when TLS 1.3 was intended, potentially exposing applications to TLS 1.2-specific weaknesses. A workaround is to restrict the TLS_CIPHERSUITE_LIST socket option to TLS 1.3-only cipher suites.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/11/2026, 06:36:41 UTC

Technical Analysis

In Zephyr RTOS, when sockets are created with the IPPROTO_TLS_1_3 protocol, the intended enforcement of TLS 1.3 is not guaranteed because the protocol version selection is not correctly communicated to the underlying mbedTLS library. Consequently, the ClientHello message advertises both TLS 1.2 and TLS 1.3, allowing the peer to negotiate a TLS 1.2 connection. This behavior results in an algorithm downgrade vulnerability where TLS 1.2 is used despite the application's expectation of TLS 1.3, potentially exposing the connection to vulnerabilities specific to TLS 1.2. The issue arises when both TLS versions are enabled in the Kconfig configuration. The vendor has not provided an official patch or remediation at this time.

Potential Impact

The vulnerability allows a downgrade from TLS 1.3 to TLS 1.2 during the TLS handshake, which may expose applications to known weaknesses in TLS 1.2. Confidentiality could be partially impacted due to the use of a less secure protocol version. There is no indication of integrity or availability impact. No known exploits are reported in the wild.

Mitigation Recommendations

No official patch or fix has been published yet. As a workaround, restrict the TLS_CIPHERSUITE_LIST socket option to only include TLS 1.3 cipher suites to prevent negotiation of TLS 1.2 connections. Monitor the vendor advisory for updates and official fixes.
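The workaround above as an added example (not code from the advisory or from the Zephyr project): offer only TLS 1.3 cipher suites before connecting, then fail closed if the negotiated suite is not a TLS 1.3 one. The helper names are hypothetical, the Zephyr calls are compiled only under `__ZEPHYR__`, and the three offered suites are assumed to be enabled in the mbedTLS build and to fit the build's cipher suite list limit.

```c
#include <stddef.h>

/* TLS 1.3 cipher suites occupy IANA code points 0x1301..0x1305 (RFC 8446). */
int is_tls13_suite(int id)
{
    return id >= 0x1301 && id <= 0x1305;
}

/* Hypothetical audit helper: copy only the TLS 1.3 entries of in[] to out[]
 * (out must hold n entries) and return how many were kept. */
size_t keep_tls13_only(const int *in, size_t n, int *out)
{
    size_t kept = 0;

    for (size_t i = 0; i < n; i++) {
        if (is_tls13_suite(in[i])) {
            out[kept++] = in[i];
        }
    }
    return kept;
}

#ifdef __ZEPHYR__
#include <errno.h>
#include <zephyr/net/socket.h>

/* Assumption: these suites are enabled in the mbedTLS configuration. */
static const int tls13_offer[] = {
    0x1301, /* TLS_AES_128_GCM_SHA256 */
    0x1302, /* TLS_AES_256_GCM_SHA384 */
    0x1303, /* TLS_CHACHA20_POLY1305_SHA256 */
};

/* Call before connect(): with no TLS 1.2 suite offered, the peer has
 * nothing to select for a TLS 1.2 handshake. */
int tls13_restrict(int sock)
{
    return zsock_setsockopt(sock, SOL_TLS, TLS_CIPHERSUITE_LIST,
                            tls13_offer, sizeof(tls13_offer));
}

/* Call after the handshake: reject the session if the suite in use is
 * not a TLS 1.3 suite. */
int tls13_verify(int sock)
{
    int used = 0;
    socklen_t len = sizeof(used);

    if (zsock_getsockopt(sock, SOL_TLS, TLS_CIPHERSUITE_USED, &used, &len) < 0) {
        return -errno;
    }
    return is_tls13_suite(used) ? 0 : -EPROTO;
}
#endif
```

`keep_tls13_only()` can also be run over a cipher suite list an application already passes to `TLS_CIPHERSUITE_LIST`, to see which entries would still permit a TLS 1.2 handshake.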


Technical Details

Data Version: 5.2
Assigner Short Name: zephyr
Date Reserved: 2026-01-30T05:38:22.811Z
CVSS Version: 3.1
State: PUBLISHED
Remediation Level: null

Threat ID: 6a01758dcbff5d86109c7ece

Added to database: 5/11/2026, 6:22:05 AM

Last enriched: 5/11/2026, 6:36:41 AM

Last updated: 5/11/2026, 7:34:50 AM
