CVE-2026-32883— Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-32883
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Botan 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Botan是Jack Lloyd个人开发者的一个C++加密库。 Botan 3.0.0至3.11.0之前版本存在数据伪造问题漏洞,该漏洞源于X509路径验证过程中未验证OCSP响应的签名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-32883
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-32883
请登录查看更多情报信息。
Same Patch Batch · randombit · 2026-03-30 · 3 CVEs total
| CVE-2026-32877 | 8.2 HIGH | Botan: Heap Buffer Over-read in SM2 Decryption via Undersized C3 Hash Field |
| CVE-2026-32884 | 5.9 MEDIUM | Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 V |
IV. Related Vulnerabilities
Same product: botan
- CVE-2026-34582
Botan has a TLS 1.3 certificate authentication bypass - CVE-2026-34580
Botan has a certificate authentication bypass due to trust a - CVE-2026-32877
Botan: Heap Buffer Over-read in SM2 Decryption via Undersize - CVE-2026-32884
Botan: Case-Insensitive CN Values Bypass DNS excludedSubtree - CVE-2024-39312
Botan has an Authorization Error due to Name Constraint Deco
Same vendor: randombit
- CVE-2026-34582
Botan has a TLS 1.3 certificate authentication bypass - CVE-2026-34580
Botan has a certificate authentication bypass due to trust a - CVE-2026-32877
Botan: Heap Buffer Over-read in SM2 Decryption via Undersize - CVE-2026-32884
Botan: Case-Insensitive CN Values Bypass DNS excludedSubtree - CVE-2024-39312
Botan has an Authorization Error due to Name Constraint Deco
Same weakness: CWE-347
- CVE-2026-42193
Plunk: SNS webhook forgery - CVE-2026-44497
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type - CVE-2026-41669
Admidio: SAML Signature Validation Result Ignored — Forged A - CVE-2026-7689
Dolibarr ERP CRM Online Signature security.lib.php dol_verif - CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic
V. Comments for CVE-2026-32883
No comments yet