Reporting Vulneratibilities

If you think you have found an Mbed TLS security vulnerability, then please send an email to the security team at

Security Incident Handling Process

Our security process is detailled in our security center.

Its primary goal is to ensure fixes are ready to be deployed when the issue goes public.

Maintained branches

Only the maintained branches, as listed in, get security fixes. Users are urged to always use the latest version of a maintained branch.