CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description (NVD)
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Analysis (AI)
Finite-field Diffie-Hellman (FFDH) in Mbed TLS 3.5.x, 3.6.0 through 3.6.5, and TF-PSA-Crypto 1.0 lacks contributory behavior due to improper validation of peer-supplied parameters, allowing an attacker to restrict the shared secret to a small set of predictable values. While the vulnerability does not directly impact TLS (which does not depend on contributory behavior), it poses a significant risk to protocols that do rely on this property, including those where an active network attacker or malicious peer can exploit the weakness. …
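The missing check behind this issue is validation of the peer's FFDH public value. The following is an added example, not code from Mbed TLS or TF-PSA-Crypto, showing the public-value checks (range check plus subgroup membership, y^q mod p == 1) that keep the exchange contributory, side by side with the unvalidated computation so the effect of a degenerate peer value is visible. The group constants P, Q and G form a constructed toy safe-prime group chosen for readability; production code applies the same checks to the RFC 7919 ffdhe groups.

```python
"""Added example (not Mbed TLS / TF-PSA-Crypto code): validating a peer's FFDH
public value so the shared secret stays contributory.

P, Q and G below are a constructed toy safe-prime group (p = 2q + 1) so the
arithmetic is readable; real deployments use the RFC 7919 ffdhe groups.
"""
import secrets

P = 23          # constructed toy safe prime, p = 2q + 1
Q = 11          # order of the prime-order subgroup
G = 2           # generator of that subgroup (2**11 mod 23 == 1)


def validate_peer_public(y: int, p: int = P, q: int = Q) -> bool:
    """Return True if y is a valid FFDH public value in the order-q subgroup.

    The range check rejects 0, 1 and p-1; the subgroup check rejects any
    element whose order is not q.  Without these checks a peer can send a
    degenerate value and confine the shared secret to a small set.
    """
    if not 2 <= y <= p - 2:
        return False
    return pow(y, q, p) == 1


def shared_secret_unvalidated(private: int, peer_y: int, p: int = P) -> int:
    """Raw DH computation with no check on peer_y (the weak behaviour)."""
    return pow(peer_y, private, p)


def shared_secret_validated(private: int, peer_y: int,
                            p: int = P, q: int = Q) -> int:
    """Same computation, but the peer value is validated first."""
    if not validate_peer_public(peer_y, p, q):
        raise ValueError("invalid FFDH peer public value")
    return pow(peer_y, private, p)


def forced_secret_set(peer_y: int, p: int = P) -> set:
    """All secrets an unvalidated peer_y can yield, over every private key.

    A contributory exchange depends on both parties' inputs; a degenerate
    peer_y collapses the result to one or two values regardless of ours.
    """
    return {shared_secret_unvalidated(x, peer_y, p) for x in range(1, p - 1)}


def keypair(p: int = P, q: int = Q, g: int = G):
    """Honest party: random private exponent in [1, q-1], public g**x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


if __name__ == "__main__":
    for bad in (1, P - 1):
        print(f"peer sends {bad}: unvalidated secrets = {forced_secret_set(bad)}, "
              f"accepted by validation -> {validate_peer_public(bad)}")
    x, y = keypair()
    print(f"honest public value {y}: accepted by validation -> "
          f"{validate_peer_public(y)}")
```

Running the module prints the secret set reachable from the values 1 and p-1 (one and two elements respectively) and shows the validated path rejecting both, while an honestly generated public value passes. The subgroup check is what matters beyond the range check: in a safe-prime group the only small-order elements are 1 and p-1, but in groups whose cofactor is larger than 2 the exponentiation test is the check that actually excludes small subgroups.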
Identifiers: EUVD-2026-18021, GHSA-347r-37hj-5jc9