External risk intelligence

Mbed TLS TF-PSA Crypto Public Key Export Buffer Overflow.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-34875

A buffer overflow vulnerability exists in Mbed TLS and TF-PSA-Crypto libraries during the export of FFDH public keys. If reachable, this could allow an attacker to overwrite memory. This is relevant for systems using these cryptographic libraries.

2Halo Surface Signal

Buffer Overflow

Trustedfirmware Mbed Tls

3.5.0 to before 3.6.6before 1.1.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-34875

Mbed TLS and TF-PSA-Crypto are cryptographic libraries integrated into firmware or software applications. They are not standalone internet-facing services or gateways. While they may be used in network-connected products, the libraries themselves operate internally within the application or device stack and are not typically exposed directly to the public internet.

PCI scan relevance

PCI Relevance for CVE-2026-34875

Yes

CVE-2026-34875 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability involves a buffer overflow in Mbed TLS and TF-PSA-Crypto during public key export, which is a type of vulnerability that can lead to an ASV scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

An issue has been identified in Mbed TLS and TF-PSA-Crypto libraries related to public key export for FFDH keys, which could lead to a buffer overflow. While the libraries are used in various applications, their internal nature suggests the primary concern is confirming relevance and exposure within your specific deployed systems.

  • A library vulnerability in key export operations.
  • Confirms relevance and exposure within your systems.
  • Assess library use for potential impact.

Attack Path

How an attacker could exploit the issue

An attacker could reach this vulnerability by sending specially crafted data to a system utilizing the affected cryptographic libraries. This could lead to a buffer overflow when the system attempts to export public keys for FFDH keys.

  • No authentication or network access required.
  • Public key export of FFDH keys.
  • Potential for code execution and data compromise.

Live Threat

Current exploitation, exposure, and threat context

A buffer overflow in public key export for FFDH keys could allow an attacker to overwrite memory when the affected function is called.

  • Exposed system or user data.
  • Public key export functionality.
  • Memory corruption or denial of service.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The technical teams responsible for addressing this vulnerability will depend on how Mbed TLS and TF-PSA-Crypto are integrated. Application owners are likely accountable if these libraries are part of custom software, while platform or infrastructure teams may be responsible if they are core components of operating systems or managed services. The immediate first step is to inventory all deployments of these libraries, confirm their exposure and business criticality, and identify the specific system or application owner responsible for remediation planning.

  • Identify and confirm affected systems.
  • Verify library integration and exposure.
  • Plan remediation based on risk.

Frequently asked questions

What are Mbed TLS and TF-PSA-Crypto?

Mbed TLS and TF-PSA-Crypto are cryptographic software libraries providing security functions for applications, particularly in embedded systems. They handle encryption, digital signatures, and secure communication.

What is the identified weakness for CVE-2026-34875?

The weakness identified for CVE-2026-34875 is a buffer overflow (CWE-120). This occurs when a program writes more data into a buffer than it can hold, potentially corrupting adjacent memory.

How can the CVE-2026-34875 buffer overflow be triggered?

This vulnerability can be triggered during the export of public keys for FFDH keys. An attacker could send specially crafted data to trigger this overflow when the affected function is called.

What is the relevance of CVE-2026-34875 to Halo Surface Signal?

Halo Surface Signal assesses the relevance of CVE-2026-34875 as unlikely. While the libraries may be in network-connected products, they operate internally and are not typically exposed directly to the internet.

What is the recommended response to this vulnerability?

The recommended response involves identifying all deployments of affected libraries, confirming their exposure and business criticality, and identifying the system owner responsible for planning remediation. This depends on how Mbed TLS and TF-PSA-Crypto are integrated into your specific software or systems.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified