Medium severity5.9NVD Advisory· Published Mar 30, 2026· Updated Apr 13, 2026

CVE-2026-32883

Description

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.

Affected products

Botan Project/Botan
cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
Range: >=3.0.0,<3.11.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5xnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000