CVE Catalog

CVE-2026-1677

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

In Zephyr, sockets created with `IPPROTO_TLS_1_3` can negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS. Applications assuming `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses.

Risk Assessment

The organization may unknowingly use TLS 1.2 instead of the required TLS 1.3, exposing communications to known downgrade attacks and violating security policies that mandate TLS 1.3 only.

Recommendation

Update Zephyr to a patched version or, as a workaround, restrict the `TLS_CIPHERSUITE_LIST` socket option to TLS 1.3-only cipher suites.

Original NVD description (English source)

Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the `TLS_CIPHERSUITE_LIST` socket option can be restricted to TLS 1.3-only cipher suites.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS