CVE-2026-34876: n/a
CVE-2026-34876 is an out-of-bounds read vulnerability in Mbed TLS 3. x before 3. 6. 6 affecting the multipart CCM API. The vulnerability arises from missing validation of the tag_len parameter in the mbedtls_ccm_finish() function, allowing attackers to read adjacent CCM context data. In Mbed TLS 4. x, the internal implementation has the same issue, but the vulnerable function is not exposed in the public API. Exploitation requires direct application-level use of the multipart CCM API with an oversized tag_len. This vulnerability has a high severity with a CVSS score of 7. 5 and impacts confidentiality but not integrity or availability.
AI Analysis
Technical Summary
Mbed TLS versions 3.x prior to 3.6.6 contain an out-of-bounds read vulnerability in the mbedtls_ccm_finish() function within the multipart CCM API. The root cause is the lack of validation of the tag_len parameter against the fixed 16-byte authentication buffer size, which allows an attacker to read adjacent memory areas. While Mbed TLS 4.x versions before the fix share the same internal issue, the vulnerable function is not accessible via the public API, reducing exposure. Exploitation requires that an application explicitly invoke the multipart CCM API with an oversized tag_len parameter.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized disclosure of adjacent CCM context data, impacting confidentiality. There is no impact on integrity or availability. No known exploits are reported in the wild at this time.
Mitigation Recommendations
A fix is available in Mbed TLS version 3.6.6 and later. Users should upgrade to version 3.6.6 or newer to remediate this vulnerability. For Mbed TLS 4.x, although the internal issue exists, the vulnerable function is not exposed publicly, reducing risk. Patch status beyond version 3.6.6 is not explicitly provided; users should consult the vendor advisory for the latest remediation guidance.
CVE-2026-34876: n/a
Description
CVE-2026-34876 is an out-of-bounds read vulnerability in Mbed TLS 3. x before 3. 6. 6 affecting the multipart CCM API. The vulnerability arises from missing validation of the tag_len parameter in the mbedtls_ccm_finish() function, allowing attackers to read adjacent CCM context data. In Mbed TLS 4. x, the internal implementation has the same issue, but the vulnerable function is not exposed in the public API. Exploitation requires direct application-level use of the multipart CCM API with an oversized tag_len. This vulnerability has a high severity with a CVSS score of 7. 5 and impacts confidentiality but not integrity or availability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Mbed TLS versions 3.x prior to 3.6.6 contain an out-of-bounds read vulnerability in the mbedtls_ccm_finish() function within the multipart CCM API. The root cause is the lack of validation of the tag_len parameter against the fixed 16-byte authentication buffer size, which allows an attacker to read adjacent memory areas. While Mbed TLS 4.x versions before the fix share the same internal issue, the vulnerable function is not accessible via the public API, reducing exposure. Exploitation requires that an application explicitly invoke the multipart CCM API with an oversized tag_len parameter.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized disclosure of adjacent CCM context data, impacting confidentiality. There is no impact on integrity or availability. No known exploits are reported in the wild at this time.
Mitigation Recommendations
A fix is available in Mbed TLS version 3.6.6 and later. Users should upgrade to version 3.6.6 or newer to remediate this vulnerability. For Mbed TLS 4.x, although the internal issue exists, the vulnerable function is not exposed publicly, reducing risk. Patch status beyond version 3.6.6 is not explicitly provided; users should consult the vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-31T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69ce8d6ee6bfc5ba1de64e27
Added to database: 4/2/2026, 3:38:22 PM
Last enriched: 4/10/2026, 12:04:30 AM
Last updated: 5/20/2026, 12:06:05 PM
Views: 82
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.