Improper input validation in Mbed TLS FFDH allows attackers to force shared secrets into a small set of values, compromising protocols that rely on co...
Description
Improper input validation in Mbed TLS FFDH allows attackers to force shared secrets into a small set of values, compromising protocols that rely on contributory behavior.
AI Analyst Comment
Remediation
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Mbed
PRODUCT: Mbed TLS / TF-PSA-Crypto
AFFECTED_VERSIONS: Mbed TLS 3.5.x to 3.6.5; TF-PSA-Crypto 1.0
---END_METADATA---
Description Summary:
Improper input validation in Mbed TLS FFDH allows attackers to force shared secrets into a small set of values, compromising protocols that rely on contributory behavior.
Executive Summary:
Mbed TLS and TF-PSA-Crypto suffer from a cryptographic flaw in Finite-Field Diffie-Hellman (FFDH) that allows attackers to manipulate shared secrets, potentially compromising non-TLS encrypted sessions.
Vulnerability Details
CVE-ID: CVE-2026-34872
Affected Software: Mbed TLS and TF-PSA-Crypto
Affected Versions: Mbed TLS 3.5.x and 3.6.x through 3.6.5; TF-PSA-Crypto 1.0
Vulnerability: A lack of contributory behavior in FFDH due to improper input validation allows a peer or an active network attacker to force the shared secret into a small, predictable set of values. While TLS itself is not affected, other protocols relying on FFDH contributory behavior are vulnerable.
Business Impact
This vulnerability has a CVSS score of 9.1. For custom protocols or non-TLS implementations using these libraries, the flaw could lead to the total decryption of sensitive communications or successful man-in-the-middle attacks.
Remediation Plan
Immediate Action: Update to the latest patched versions of Mbed TLS or TF-PSA-Crypto to ensure proper input validation and contributory behavior in FFDH operations.
Proactive Monitoring: Audit any custom cryptographic implementations that use these libraries to determine if they rely on the contributory properties of FFDH.
Compensating Controls: Transition to Elliptic Curve Diffie-Hellman (ECDH) where possible, as it is generally more robust against these types of cryptographic manipulation attacks.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Apr 1, 2026, there is no public information indicating active exploitation. The impact is highly dependent on the specific protocol being used alongside the library.
Analyst Recommendation
While the impact on standard TLS is minimal, the critical CVSS score reflects the risk to other applications. Developers should update their libraries immediately to maintain the cryptographic integrity of their systems.