Skip to main content

Mbed TLS CVE-2026-34871

| EUVDEUVD-2026-18001 MEDIUM
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-04-01 mitre GHSA-rjq9-c3rf-c638
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 19:00 euvd
EUVD-2026-18001
Analysis Generated
Apr 01, 2026 - 19:00 vuln.today
CVE Published
Apr 01, 2026 - 00:00 nvd
MEDIUM 6.7

DescriptionCVE.org

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

AnalysisAI

Mbed TLS 3.x before 3.6.6, 4.x before 4.1.0, and TF-PSA-Crypto before 1.1.0 contain a predictable seed vulnerability in their pseudo-random number generator (PRNG) implementation that compromises the cryptographic strength of generated random values. Attackers with knowledge of the seed initialization mechanism can predict PRNG output, enabling them to forge cryptographic material, decrypt communications, or impersonate legitimate parties. No active exploitation has been confirmed, but the information disclosure nature of this vulnerability affects all applications relying on these libraries for cryptographic operations.

Technical ContextAI

The vulnerability resides in the PRNG implementation used by Mbed TLS and TF-PSA-Crypto for generating cryptographic random numbers, which are fundamental to key generation, nonce creation, and other security-critical operations. The root cause involves predictable seed initialization-the mechanism that initializes the PRNG state lacks sufficient entropy or uses a deterministic source rather than a cryptographically secure random source. Since PRNG output directly feeds cryptographic operations including RSA/ECDSA signatures, symmetric cipher initialization, and protocol handshakes, a predictable seed undermines the security guarantees of all downstream cryptographic operations. This affects the C/C++ implementations of both Mbed TLS (a widely-used embedded TLS library) and TF-PSA-Crypto (the ARM Platform Security Architecture cryptography API), which are used extensively in embedded systems, IoT devices, mobile platforms, and other resource-constrained environments.

RemediationAI

Upgrade immediately to Mbed TLS 3.6.6 or later for the 3.x branch, Mbed TLS 4.1.0 or later for the 4.x branch, and TF-PSA-Crypto 1.1.0 or later. These patched versions address the PRNG seed initialization vulnerability and restore cryptographic randomness guarantees. Organizations unable to patch immediately should implement compensating controls such as using external hardware random number generators (if the platform supports them) or integrating entropy from verified cryptographic libraries that do not suffer from the same predictability issue, though such workarounds are temporary and not a substitute for patching. Refer to the official Mbed TLS security advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/ for detailed remediation guidance and platform-specific upgrade instructions.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-34871 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy