Trustedfirmware Tf-psa-crypto — known CVE vulnerabilities
Every CVE whose affected-product data names Trustedfirmware Tf-psa-crypto, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-34875 — CVSS 9.8 (critical): An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
CVE-2026-25835 — CVSS 7.7 (high): Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2026-34871 — CVSS 6.7 (medium): An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a…