CVE-2026-32883 — Improper Verification of Cryptographic Signature in Project Botan

CWE-347 — Improper Verification of Cryptographic Signature13 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

0.0%

top 96.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Botan Project Botan Debian Botan Debian Botan3 +1 more

Timeline

PublishedMar 30

Latest updateApr 1

Description

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/botan< botan3 3.11.0+dfsg-2 (sid)

▶debiandebian/botan3< botan3 3.11.0+dfsg-2 (sid)

▶NVDbotan_project/botan3.0.0 — 3.11.0

▶CVEListV5randombit/botan>= 3.0.0, < 3.11.0

🔴Vulnerability Details

OSV

CVE-2026-32883: Botan is a C++ cryptography library↗2026-03-30

▶

📋Vendor Advisories

Red Hat

Botan: Botan: Compromised certificate validation integrity via unverified OCSP response signatures↗2026-03-30

▶

Debian

CVE-2026-32883: botan - Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-34582 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-32884 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-32877 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-34580 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-32883 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-32883 botan2: Botan: Compromised certificate validation integrity via unverified OCSP response signatures [fedora-43]↗2026-04-01

▶

Bugzilla

CVE-2026-32883 botan2: Botan: Compromised certificate validation integrity via unverified OCSP response signatures [epel-all]↗2026-04-01

▶

Bugzilla

CVE-2026-32883 botan2: Botan: Compromised certificate validation integrity via unverified OCSP response signatures [fedora-42]↗2026-04-01

▶

Bugzilla

CVE-2026-32883 botan3: Botan: Compromised certificate validation integrity via unverified OCSP response signatures [epel-all]↗2026-04-01

▶