{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-34873", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-02T16:24:46.024Z", "dateReserved": "2026-03-31T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T20:11:08.336Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:54:35.519227Z", "id": "CVE-2026-34873", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T16:24:46.024Z"}}]}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "matchCriteriaId": "3278BC57-7535-4FB5-B2AA-2938CB48504B", "versionEndExcluding": "3.6.6", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "matchCriteriaId": "C28A01CF-A08B-4FC9-A8E1-8897EF66C041", "versionEndExcluding": "4.1.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session."}], "id": "CVE-2026-34873", "lastModified": "2026-04-07T12:13:36.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T21:17:01.990", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "mbedtls: Mbed TLS: Client impersonation during TLS 1.3 session resumption", "id": "2454108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454108"}, "csaw": false, "cvss3": {"cvss3_base_score": "10.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-290", "details": ["An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.", "A flaw was found in Mbed TLS. This vulnerability allows a remote attacker to impersonate a client during the resumption of a TLS 1.3 session. This could lead to unauthorized access or other security breaches by allowing the attacker to act as a legitimate client."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-34873", "public_date": "2026-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34873\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34873\nhttps://mbed-tls.readthedocs.io/en/latest/security-advisories/\nhttps://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/"], "statement": "This Critical flaw in Mbed TLS allows a remote attacker to impersonate a client during TLS 1.3 session resumption, potentially leading to unauthorized access. Red Hat products utilizing Mbed TLS for client-side TLS 1.3 session resumption are affected if this feature is enabled.", "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.5.0,4.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mbedtls", "vendor": "mbed-tls"}], "analysis": {"en": {"generated_at": "2026-04-07T20:03:03.739087+00:00", "value": {"mitigation_remediation": ["Upgrade Mbed TLS to a version later than 4.0.0 to apply the fix.", "Verify the integrity of all client certificates and enforce strict session\u2011resumption policies.", "Monitor authentication logs for abnormal login attempts and consider network\u2011level filtering of TLS handshake traffic as a precautionary measure."], "summary": {"action": "Patch promptly", "impact": "Client impersonation and authentication bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Mbed TLS cryptographic library, which is widely deployed in embedded and IoT devices. All builds that include the affected versions (3.5.0 up to 4.0.0) are impacted; no specific vendor or product variants are named beyond the library itself.", "description_and_impact": "In Mbed TLS libraries version 3.5.0 through 4.0.0, the logic that manages TLS 1.3 session resumption fails to correctly verify the client\u2019s identity when the session is resumed. This flaw allows an attacker to forge a client identity and obtain the privileges of a legitimate client, effectively bypassing authentication controls and potentially gaining unauthorized access to services that rely on TLS 1.3 and client certificates.", "risk_and_exploitability": "The flaw carries a CVSS score of 9.1 and an EPSS probability of less than 1 percent, indicating high severity but low current exploitation likelihood. It is not recorded in the CISA KEV catalog. An attacker would need the ability to initiate a TLS 1.3 handshake from a client that has previously established a session and then reuse the session resumption context, potentially on a network they control. The exploitation requires control over the client and the ability to influence the TLS handshake, but remains a significant risk for any server that uses Mbed TLS for client authentication."}}}}, "created": "2026-04-02T07:51:12.702204+00:00", "updated": "2026-04-08T19:59:56.618171+00:00", "vendors": ["mbed-tls", "mbed-tls$PRODUCT$mbedtls"]}