Medium severity5.9NVD Advisory· Published Mar 30, 2026· Updated Apr 13, 2026
CVE-2026-32883
CVE-2026-32883
Description
Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*range: >=3.0.0,<3.11.0
- (no CPE)range: >=3.0.0, <3.11.0
Patches
Vulnerability mechanics
References
1- github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5xnvdVendor Advisory
News mentions
0No linked articles in our index yet.