Cryptography Library Vulnerability in Botan Affects DNS Name Constraints
CVE-2026-32884

5.9 MEDIUM

Key Information:

Vendor: Randombit
Status: Vendor
CVE Published: 30 March 2026

What is CVE-2026-32884?

The Botan C++ cryptography library contains a flaw in its processing of X.509 certificate paths that use name constraints. Prior to version 3.11.0, when a certificate carried no subject alternative name, the library fell back to checking the name constraints against the subject common name (CN), but that comparison did not treat DNS names as case-insensitive. As a result, a certificate with a mixed-case CN, such as CN=Sub.EVIL.COM, could fail to match a constraint and bypass restrictions meant to keep unauthorized DNS names out of the certificate path. This vulnerability has been addressed in version 3.11.0.
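To make the failure mode concrete, the following is an added example, not Botan's own code: a simplified model of dNSName name-constraint checking with the CN fallback the advisory describes. The structures, function names and the `case_insensitive` switch are assumptions for illustration; the subtree rule follows RFC 5280 section 4.2.1.10, and the constraint and certificate values in the comments are constructed.

```cpp
// Added example (not Botan's code): a simplified model of X.509 dNSName
// name-constraint checking, including the CN fallback used when a
// certificate carries no subjectAltName. The case_insensitive flag selects
// between the flawed comparison (false) and the corrected one (true).
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// DNS names are case-insensitive, so constraint matching must fold case
// (ASCII only: hostnames in certificates are ASCII or A-labels).
static std::string ascii_lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// RFC 5280 4.2.1.10: a dNSName constraint "example.com" covers "example.com"
// itself and every label-aligned subdomain such as "www.example.com".
static bool dns_in_subtree(const std::string& name, const std::string& subtree,
                           bool case_insensitive) {
    const std::string n = case_insensitive ? ascii_lower(name) : name;
    const std::string s = case_insensitive ? ascii_lower(subtree) : subtree;
    if (n == s) return true;
    if (n.size() <= s.size()) return false;
    const size_t off = n.size() - s.size();
    return n[off - 1] == '.' && n.compare(off, s.size(), s) == 0;
}

struct NameConstraints {
    std::vector<std::string> permitted;  // empty means "no restriction"
    std::vector<std::string> excluded;
};

struct Certificate {
    std::vector<std::string> san_dns;  // dNSName entries of subjectAltName
    std::string cn;                    // subject common name
};

// Returns true when every DNS name the certificate asserts is allowed by the
// constraints; a single disallowed name rejects the certificate.
bool check_dns_constraints(const Certificate& cert, const NameConstraints& nc,
                           bool case_insensitive) {
    std::vector<std::string> names = cert.san_dns;
    if (names.empty() && !cert.cn.empty()) {
        names.push_back(cert.cn);  // CN fallback: the code path this CVE concerns
    }
    for (const std::string& name : names) {
        for (const std::string& ex : nc.excluded) {
            // With case-sensitive matching, a constructed CN "Sub.EVIL.COM" does
            // not match an excluded subtree "evil.com" and slips through.
            if (dns_in_subtree(name, ex, case_insensitive)) return false;
        }
        if (!nc.permitted.empty()) {
            bool allowed = false;
            for (const std::string& p : nc.permitted) {
                if (dns_in_subtree(name, p, case_insensitive)) { allowed = true; break; }
            }
            if (!allowed) return false;
        }
    }
    return true;
}

// Wrappers so the flawed and corrected behaviours can be compared side by side.
bool vulnerable_check(const Certificate& c, const NameConstraints& nc) {
    return check_dns_constraints(c, nc, /*case_insensitive=*/false);
}
bool fixed_check(const Certificate& c, const NameConstraints& nc) {
    return check_dns_constraints(c, nc, /*case_insensitive=*/true);
}
```

Note the asymmetry a reviewer should look for: with an excluded subtree, a case-sensitive mismatch means "not excluded" and the check fails open, which is the bypass; with a permitted subtree the same mismatch fails closed, so the bug surfaces as over-rejection rather than evasion. Folding case before comparison, as the corrected check does, fixes both.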

Affected Version(s)

botan < 3.11.0

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.