CVE-2026-1677
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
In Zephyr, sockets created with `IPPROTO_TLS_1_3` can negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS. Applications assuming `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses.
Risk Assessment
The organization may unknowingly use TLS 1.2 instead of the required TLS 1.3, exposing communications to known downgrade attacks and violating security policies that mandate TLS 1.3 only.
Recommendation
Update Zephyr to a patched version or, as a workaround, restrict the `TLS_CIPHERSUITE_LIST` socket option to TLS 1.3-only cipher suites.
Original NVD description (English source)
Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the `TLS_CIPHERSUITE_LIST` socket option can be restricted to TLS 1.3-only cipher suites.

