Vulnerability - CVE-2026-34871

›

›vulnerability›CVE-2026-34871

Name

CVE-2026-34871

Source

NVD ( link)Debian ( link)

Description

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

CWEs

Published Date

Apr 1, 2026

Updated Date

Jun 17, 2026

Workaround

-

Advisories

https://mbed-tls.readthedocs.io/en/latest/security-advisories/Vendor Advisory

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/Vendor Advisory

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

6.7

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

3.6.6

Not Affected

buildroot

master

3.6.6

Not Affected

openwrt

master

3.6.6-r2

Not Affected

openwrt

openwrt-25.12

3.6.6-r2

Not Affected

yocto

kirkstone

2.28.10

Exploitable

yocto

master

3.6.6

Not Affected