CVE-2026-34871EXPLOITEDPATCHED

CVE-2026-34871: An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predict

Description

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

Affected Products

Vendor	Product	Versions
—	n/a	n/a, 3.6.5, 4.0.x

References

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-34871 | mbed TLS up to 3.6.5/4.0.x entropy

→ No new info (linked only)

CVSS 3.16.7 HIGH

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

3.6.6

CWECWE-338

PublishedApr 1, 2026

Last enriched1h agov2

Trending Score46

Source articles1

Independent1

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Actively Exploited

Apr 1, 2026

Patch Available

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: affectedVersions, severity, activelyExploited, patchAvailable

Apr 1, 2026

Version History

Last enriched 1h ago

v2Tier C2h ago

Updated vendor to mbed, product to TLS, affected versions to 3.6.5 and 4.0.x, severity to HIGH, and noted that no exploit exists.

affectedVersionsseverityactivelyExploitedpatchAvailable

via VulDB

v12h ago

Initial creation