CVE-2026-1677— net: TLS 1.2 connections allowed on TLS 1.3 sockets
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1677
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
net: TLS 1.2 connections allowed on TLS 1.3 sockets
Source: NVD (National Vulnerability Database)
Vulnerability Description
Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the `TLS_CIPHERSUITE_LIST` socket option can be restricted to TLS 1.3-only cipher suites.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在会话协商时选择低安全性的算法(算法降级)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zephyr 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zephyr是Zephyr开源的一个可扩展的实时操作系统 (RTOS)。 Zephyr存在安全漏洞,该漏洞源于使用IPPROTO_TLS_1_3创建的套接字在启用两种TLS版本时仍可协商TLS 1.2连接,因为套接字级别的协议选择未传播到mbedTLS,可能导致应用程序静默使用TLS 1.2并暴露于TLS 1.2特定弱点。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| zephyrproject-rtos | Zephyr | * ~ 4.3 | - |
II. Public POCs for CVE-2026-1677
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1677
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Zephyr
- CVE-2026-1681
net: Stack Overflow with Ping (to own IP Address) via Shell - CVE-2026-5590
net: ip/tcp: Null pointer dereference can be triggered by a - CVE-2026-1679
net: eswifi socket send payload length not bounded - CVE-2026-4179
stm32: usb: Infinite while loop in Interrupt Handler - CVE-2026-0849
crypto: ATAES132A response length allows stack buffer overfl
Same vendor: zephyrproject-rtos
- CVE-2026-1681
net: Stack Overflow with Ping (to own IP Address) via Shell - CVE-2026-5590
net: ip/tcp: Null pointer dereference can be triggered by a - CVE-2026-1679
net: eswifi socket send payload length not bounded - CVE-2026-4179
stm32: usb: Infinite while loop in Interrupt Handler - CVE-2026-0849
crypto: ATAES132A response length allows stack buffer overfl
Same weakness: CWE-757
- CVE-2026-6550
Key commitment policy bypass via shared key cache in AWS Enc - CVE-2026-32650
Anviz CrossChex Standard Algorithm Downgrade - CVE-2026-2673
OpenSSL TLS 1.3 server may choose unexpected key agreement g - CVE-2025-10693
Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure - CVE-2025-59270
psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse
V. Comments for CVE-2026-1677
No comments yet