CVE-2026-25834

Published: Apr 01, 2026 Last Modified: Apr 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low

Description

AI Translation Available

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

295

Improper Certificate Validation

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Authentication
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
View CWE Details
327

Use of a Broken or Risky Cryptographic Algorithm

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Accountability Non-Repudiation
Potential Impacts:
Read Application Data Modify Application Data Hide Activities
Applicable Platforms
Languages: Not Language-Specific, Verilog, VHDL
Technologies: ICS/OT, Not Technology-Specific
Likelihood of Exploit: High
View CWE Details
https://mbed-tls.readthedocs.io/en/latest/security-advisori…
https://mbed-tls.readthedocs.io/en/latest/security-advisories/
https://mbed-tls.readthedocs.io/en/latest/security-advisori…
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-…