Mbed TLS Signature Algorithm Downgrade Vulnerability

Vulnerability

A vulnerability allowing a signature algorithm downgrade has been identified in Mbed TLS versions from 3.3.0 up to (but not including) 3.6.5, as well as version 4.0.0. In these versions the Mbed TLS client accepts whatever signature algorithm the server selects in a TLS 1.2 handshake, disregarding the client's own configured signature algorithm policy. As a result, a server can force a client to accept a less secure algorithm than the one the client was configured to require, bypassing the client's intended security settings.

Impact

Exploitation of this vulnerability leads to a bypass of the client's signature algorithm policy, allowing a server to impose less secure algorithms during the TLS handshake.
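The missing check is the one a TLS 1.2 client should apply to the SignatureAndHashAlgorithm field of the server's ServerKeyExchange: the (hash, signature) pair must be one the client actually offered. The following C snippet is an added illustration of that check, not Mbed TLS source; the client policy, the message bytes and the parameter length are constructed values, and only the 2-byte algorithm field of the message is inspected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* TLS 1.2 SignatureAndHashAlgorithm code points (RFC 5246, section 7.4.1.4.1). */
#define TLS_HASH_SHA1   0x02
#define TLS_HASH_SHA256 0x04
#define TLS_SIG_RSA     0x01
#define TLS_SIG_ECDSA   0x03

typedef struct { uint8_t hash; uint8_t sig; } sig_hash_alg;

/* Constructed client policy (hypothetical): only SHA-256 based signatures are acceptable. */
static const sig_hash_alg client_policy[] = {
    { TLS_HASH_SHA256, TLS_SIG_ECDSA },
    { TLS_HASH_SHA256, TLS_SIG_RSA },
};
#define CLIENT_POLICY_LEN (sizeof(client_policy) / sizeof(client_policy[0]))

/* Constructed ServerKeyExchange bodies: 4 placeholder bytes of key-exchange params,
 * then the 2-byte SignatureAndHashAlgorithm, then a 2-byte signature length and a
 * 1-byte dummy signature. Only the algorithm field matters for this check. */
static const uint8_t ske_sha256_rsa[] = { 0xAA, 0xBB, 0xCC, 0xDD, TLS_HASH_SHA256, TLS_SIG_RSA, 0x00, 0x01, 0x00 };
static const uint8_t ske_sha1_rsa[]   = { 0xAA, 0xBB, 0xCC, 0xDD, TLS_HASH_SHA1,   TLS_SIG_RSA, 0x00, 0x01, 0x00 };
#define SKE_PARAMS_LEN 4

/* true if (hash, sig) is one of the pairs the client offered in signature_algorithms. */
bool sig_alg_allowed(const sig_hash_alg *policy, size_t n, uint8_t hash, uint8_t sig)
{
    for (size_t i = 0; i < n; i++)
        if (policy[i].hash == hash && policy[i].sig == sig)
            return true;
    return false;
}

/* Enforce the client's policy on the server's choice.
 * Returns 0 = accepted, -1 = malformed message, -2 = algorithm outside client policy. */
int check_server_sig_choice(const sig_hash_alg *policy, size_t n,
                            const uint8_t *ske, size_t ske_len, size_t params_len)
{
    if (ske_len < params_len + 2)               /* need the 2-byte algorithm field */
        return -1;
    uint8_t hash = ske[params_len];
    uint8_t sig  = ske[params_len + 1];
    if (!sig_alg_allowed(policy, n, hash, sig)) /* the check the affected client skipped */
        return -2;
    return 0;
}
```

A client that returns -2 here aborts the handshake instead of verifying a SHA-1/RSA signature it never offered; the affected versions behave as if this function always returned 0.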

Remediation

Users are advised to upgrade to Mbed TLS version 3.6.6 or 4.1.0. For those maintaining branches with backported bug fixes, the relevant fix commits are available for both Mbed TLS 3.6.x and Mbed TLS 4.x.

Added: Apr 1, 2026, 6:55 PM
Updated: Apr 1, 2026, 6:55 PM

Vulnerability Rating

Custom Algorithm
spread: 8.6
impact: 1.3
exploitability: 6.4
remediation: 8.3
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.