
CCM multipart finish tag-length validation bypass (CVE-2026-34876) #441

@michaelthomasj

Description


Issue

In the CCM implementation, mbedtls_ccm_finish() did not validate the caller-supplied tag_len parameter against the 16-byte internal ctx->y buffer or the valid CCM tag size range (4–16 bytes). An application that calls the multipart CCM API with tag_len > 16 triggers an out-of-bounds read past ctx->y into adjacent fields of the mbedtls_ccm_context structure, which may disclose internal CCM state including key-dependent block cipher state. Affects all versions of Mbed TLS from 3.1.0 through 3.6.5.
https://nvd.nist.gov/vuln/detail/CVE-2026-34876
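As an added illustration (not Mbed TLS's own code) of the missing check described above: a stand-alone C model in which the tag length is validated against both the 16-byte y buffer and the CCM-permitted tag sizes (4 to 16 bytes, even) before a single byte is copied out of the context. The context struct, error value and function names are simplified stand-ins, not the real mbedtls_ccm_context or API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for the real context (assumption: not the actual layout).
 * What matters is that y is only 16 bytes and other state sits right after it. */
typedef struct {
    uint8_t y[16];    /* CBC-MAC accumulator; the tag is its prefix */
    uint8_t ctr[16];  /* adjacent state an unchecked copy would spill into */
} ccm_ctx_t;

#define CCM_ERR_BAD_INPUT (-13)  /* error value chosen for this example only */

/* CCM (RFC 3610 / NIST SP 800-38C) permits tag lengths 4, 6, 8, 10, 12, 14, 16.
 * Anything above 16 would read past y; odd values and values below 4 are not
 * valid CCM parameters either. */
int ccm_tag_len_is_valid(size_t tag_len)
{
    return tag_len >= 4 && tag_len <= 16 && (tag_len % 2) == 0;
}

/* Hardened finish: reject bad tag_len before touching ctx->y. 0 on success. */
int ccm_finish_checked(const ccm_ctx_t *ctx, uint8_t *tag, size_t tag_len)
{
    if (ctx == NULL || tag == NULL) {
        return CCM_ERR_BAD_INPUT;
    }
    if (!ccm_tag_len_is_valid(tag_len)) {
        return CCM_ERR_BAD_INPUT;  /* tag_len > 16 is the CVE-2026-34876 case */
    }
    /* Belt and braces: the copy length must never exceed the buffer itself. */
    if (tag_len > sizeof(ctx->y)) {
        return CCM_ERR_BAD_INPUT;
    }
    memcpy(tag, ctx->y, tag_len);
    return 0;
}

/* Driver: fill a context with recognisable constructed bytes and return the
 * number of tag bytes a checked finish copied, or the negative error code. */
int ccm_finish_demo(size_t tag_len)
{
    ccm_ctx_t ctx;
    uint8_t out[16];
    memset(ctx.y, 0xAA, sizeof(ctx.y));
    memset(ctx.ctr, 0x55, sizeof(ctx.ctr));  /* would leak without the check */
    int rc = ccm_finish_checked(&ctx, out, tag_len);
    return rc == 0 ? (int)tag_len : rc;
}
```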

Workaround

Update to mbedTLS v3.6.6 or newer.
FSP v6.5.0 (scheduled for 2026/05/27) includes mbedTLS v3.6.6.