EUVD-2026-18394
2026-04-02
[email protected]
9.8
CVSS 3.1
Share
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Lifecycle Timeline
3
Analysis Generated
Apr 02, 2026 - 17:22 vuln.today
EUVD ID Assigned
Apr 02, 2026 - 17:22 euvd
EUVD-2026-18394
CVE Published
Apr 02, 2026 - 17:16 nvd
CRITICAL 9.8
Description
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is caused by Incorrect Use of Privileged APIs.
Analysis
Mbed TLS versions 2.19.0 through 3.6.5 and 4.0.0 allow remote code execution through memory corruption when attackers modify serialized SSL context or session structures. The vulnerability stems from insufficient validation of deserialized data, enabling arbitrary code execution on systems using affected versions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
49
Low
Medium
High
Critical
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).