Signature Verification Vulnerability in Botan Cryptography Library
CVE-2026-32883

5.9MEDIUM

Key Information:

Vendor: Randombit
Status: Botan
Vendor: CVE Published:; 30 March 2026

What is CVE-2026-32883?

The Botan cryptography library, utilized in various applications for secure cryptographic operations, has a vulnerability in its handling of Online Certificate Status Protocol (OCSP) responses. Specifically, prior to version 3.11.0, the library failed to verify the signature of OCSP responses during X509 path validation, despite checking for a valid status code. This omission potentially allows an attacker to serve malicious OCSP responses, undermining the integrity of certificate validation processes. The issue has been addressed in version 3.11.0 of Botan, emphasizing the importance of updating to this version to mitigate associated risks.

Affected Version(s)

botan >= 3.0.0, < 3.11.0

References

https://github.com/randombit/botan/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Mar 16, 2026

CVE-2026-32883 Data

JSON

Randombit

What is CVE-2026-32883?

Affected Version(s)

References

CVSS V3.1

Timeline