Home / Vulnerability Intelligence / CVE-2026-34877

CVE-2026-34877 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 3, 2026

Mbed TLS - Remote Code Execution

Published: April 2, 2026Updated: April 3, 2026Remote Exploitable

Overview

Mbed TLS 2.19.0 to 3.6.5 and 4.0.0 contain a remote code execution caused by insufficient protection of serialized SSL context or session structures due to incorrect use of privileged APIs, letting attackers induce memory corruption by modifying serialized structures, exploit requires ability to modify serialized structures.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 7.5%(Probability of exploitation in next 30 days)

Impact

Attackers can induce memory corruption and execute arbitrary code remotely by modifying serialized SSL context or session structures.

Mitigation

Update to the latest version beyond 4.0.0.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 3, 2026

🔴 CVE-2026-34877 - Critical (9.8) An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34877/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-34877
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: unconfirmed
EPSS: 7.5%
Social Posts: 1

CWE

CWE-250

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.5%Probability of exploitation in the next 30 days