CVE-2026-34876 | mbed TLS up to 3.6.5 Multipart CCM API library/ccm.c mbedtls_ccm_finish tag_len out-of-bounds

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in mbed TLS up to 3.6.5. It has been classified as problematic. The impacted element is the function mbedtls_ccm_finish of the file library/ccm.c of the component Multipart CCM API. Performing a manipulation of the argument tag_len results in out-of-bounds read.

This vulnerability was named CVE-2026-34876. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-34876 | mbed TLS up to 3.6.5 Multipart CCM API library/ccm.c mbedtls_ccm_finish tag_len out-of-bounds

Post correlati

CVE-2025-11946 | LogicalDOC Community Edition up to 9.2.1 Add Contact Page /frontend.jsp First Name/Last Name/Company/Address/Phone/Mobile cross site scripting

CVE-2021-47196 | Linux Kernel up to 5.15.4 RDMA use after free (b70e072feffa/6cd7397d01c4)

CVE-2023-7128 | code-projects Voting System 1.0 Admin Login /admin/ username sql injection

CVE-2023-48910 | Microcks up to 1.17.1 GET Request /jobs server-side request forgery