CVE-2026-34580: Improper Certificate Validation in Botan

Severity: 9.3 CRITICAL (NVD)
EPSS: 0.0% (top 94.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 7; Latest update Apr 8

Description

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the cert it was passed were actually the same certificate. In 3.11.0 an extension of path validation logic was made which assumed that certificate_known only returned true if the certificates were in fact

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

debian: debian/botan3
CVEListV5: randombit/botan >= 3.11.0, < 3.11.1

Vendor Advisories (2)

Red Hat: Botan: Botan: Certificate validation bypass due to incorrect certificate matching (2026-04-07)
Debian: CVE-2026-34580: botan3 - Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::... (2026)

Threat Intelligence (2)

Wiz: CVE-2026-34582 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2026-34580 Impact, Exploitability, and Mitigation Steps | Wiz

Community (7)

Bugzilla: CVE-2026-34580 botan3: Botan: Certificate validation bypass due to incorrect certificate matching [epel-all] (2026-04-08)
Bugzilla: CVE-2026-34580 botan2: Botan: Certificate validation bypass due to incorrect certificate matching [fedora-42] (2026-04-08)
Bugzilla: CVE-2026-34580 botan2: Botan: Certificate validation bypass due to incorrect certificate matching [epel-all] (2026-04-08)
Bugzilla: CVE-2026-34580 botan2: Botan: Certificate validation bypass due to incorrect certificate matching [fedora-43] (2026-04-08)
Bugzilla: CVE-2026-34580 botan: Botan: Certificate validation bypass due to incorrect certificate matching [fedora-43] (2026-04-08)