{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-34873", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-02T16:24:46.024Z", "dateReserved": "2026-03-31T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T20:11:08.336Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:54:35.519227Z", "id": "CVE-2026-34873", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T16:24:46.024Z"}}]}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session."}], "id": "CVE-2026-34873", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T21:17:01.990", "references": [{"source": "cve@mitre.org", "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}, {"source": "cve@mitre.org", "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "mbedtls: Mbed TLS: Client impersonation during TLS 1.3 session resumption", "id": "2454108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454108"}, "csaw": false, "cvss3": {"cvss3_base_score": "10.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-290", "details": ["An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.", "A flaw was found in Mbed TLS. This vulnerability allows a remote attacker to impersonate a client during the resumption of a TLS 1.3 session. This could lead to unauthorized access or other security breaches by allowing the attacker to act as a legitimate client."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-34873", "public_date": "2026-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34873\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34873\nhttps://mbed-tls.readthedocs.io/en/latest/security-advisories/\nhttps://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/"], "statement": "This Critical flaw in Mbed TLS allows a remote attacker to impersonate a client during TLS 1.3 session resumption, potentially leading to unauthorized access. Red Hat products utilizing Mbed TLS for client-side TLS 1.3 session resumption are affected if this feature is enabled.", "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.5.0,4.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mbedtls", "vendor": "mbed-tls"}], "analysis": {"en": {"generated_at": "2026-04-02T22:39:41.030024+00:00", "value": {"mitigation_remediation": ["Verify the Mbed TLS library version in use.", "If the library version is 3.5.0 through 4.0.0, upgrade to a patched release as soon as it becomes available.", "If an upgrade is not immediately possible, consider disabling TLS\u00a01.3 session resumption on the affected systems to mitigate the risk temporarily.", "Follow vendor advisories listed in the provided references for additional mitigation guidance."], "summary": {"action": "Patch immediately", "impact": "Client impersonation"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in the Mbed TLS library for versions 3.5.0 through 4.0.0. Any application or device that incorporates these library versions and uses TLS\u00a01.3 session resumption is at risk.", "description_and_impact": "An issue in Mbed TLS allows a malicious party to impersonate an authenticated client while it attempts to resume a TLS\u00a01.3 session. The flaw results in a violation of authentication, potentially giving an attacker unauthorized access or control over the session. The weakness is reflected in CWE\u2011287 (Authentication Failure) and CWE\u2011290 (Improper Authentication).", "risk_and_exploitability": "The CVSS score of 9.1 indicates critical severity, and the EPSS score of less than\u202f1\u202f% suggests that active exploitation is currently low but could rise if a fix is not applied. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote attacker that can initiate a TLS\u00a01.3 session resumption flow against a vulnerable system; exploitation would require influencing the client\u2019s resumption request or manipulating the session data during resumption."}}}}, "created": "2026-04-02T07:51:12.702204+00:00", "updated": "2026-04-03T09:19:17.055898+00:00", "vendors": ["mbed-tls", "mbed-tls$PRODUCT$mbedtls"]}