TLS 1.3 Vulnerability in Botan Cryptography Library
CVE-2026-34582

8.7HIGH

Key Information:

Vendor: Randombit
Status: Botan
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-34582?

The Botan cryptography library, utilized extensively in various applications for secure data handling, has a vulnerability in its TLS 1.3 implementation. This issue allows for the processing of ApplicationData records before the necessary Finished message is received. Consequently, this can enable a malicious client to bypass enforced client authentication, compromising the communication's integrity. Users are strongly advised to upgrade to version 3.11.1 or later to mitigate this risk.

Affected Version(s)

botan < 3.11.1

References

https://github.com/randombit/botan/security/advisories/GH...

x_refsource_CONFIRM

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34582 Data

JSON

Randombit

What is CVE-2026-34582?

Affected Version(s)

References

CVSS V4

Timeline