CVE-2026-34876 | mbed TLS up to 3.6.5 Multipart CCM API library/ccm.c mbedtls_ccm_finish tag_len out-of-bounds

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in mbed TLS up to 3.6.5. It has been classified as problematic. The impacted element is the function mbedtls_ccm_finish of the file library/ccm.c of the component Multipart CCM API. Performing a manipulation of the argument tag_len results in out-of-bounds read.

This vulnerability was named CVE-2026-34876. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-34876 | mbed TLS up to 3.6.5 Multipart CCM API library/ccm.c mbedtls_ccm_finish tag_len out-of-bounds

Post correlati

CVE-2024-20451 | Cisco SPA300/SPA500 up to 7.6.2SR7 Web-based Management Interface buffer overflow (cisco-sa-spa-http-vulns-RJZmX2Xz)

CVE-2025-10471 | ZKEACMS 4.3 MediaController.cs Proxy url server-side request forgery

CVE-2025-8378 | Campcodes Online Hotel Reservation System 1.0 Login /admin/index.php username/password sql injection

CVE-2025-8511 | Portabilis i-Diario 1.5.0 Observações /diario-de-observacoes/ Descrição cross site scripting