Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
AnalysisAI
Mbed TLS versions 3.5.0 through 4.0.0 allow client impersonation during TLS 1.3 session resumption, enabling an attacker to assume the identity of a legitimate client when reestablishing a previously negotiated session. The vulnerability affects the session resumption mechanism in TLS 1.3 and permits information disclosure; no CVSS score or exploit status data is currently available from public sources.
Technical ContextAI
Mbed TLS is a widely-used cryptographic library implementing TLS/SSL protocols. TLS 1.3 session resumption uses session tickets and PSK (Pre-Shared Key) mechanisms to allow clients to reconnect without full handshakes. The vulnerability resides in the session resumption logic between versions 3.5.0 and 4.0.0, where insufficient validation or binding of session identifiers permits an unauthenticated attacker to replay or forge session tickets to impersonate a legitimate client. This is a violation of the TLS 1.3 specification's session binding guarantees, likely related to improper cryptographic validation of session state or client identity markers during ticket decryption or PSK derivation.
RemediationAI
Upgrade Mbed TLS to a patched version released after 4.0.0 or to the latest stable release confirmed by the Mbed TLS project as containing the fix. Consult the official Mbed TLS security advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/ for exact fix versions and release dates. If immediate patching is not feasible, disable TLS 1.3 session resumption on affected servers (via configuration) as a temporary workaround; however, this reduces performance and should not substitute for patching. Coordinate patching with firmware and dependency updates for embedded deployments.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18064