CVE-2026-32883

Published: Mar 30, 2026 Last Modified: Mar 30, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,9

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: high

Availability: none

Description

AI Translation Available

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.

347

Improper Verification of Cryptographic Signature

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality

Potential Impacts:

Gain Privileges Or Assume Identity Modify Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/randombit/botan/security/advisories/GHSA…

https://github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5x

CVE-2026-32883

Description

Improper Verification of Cryptographic Signature

Common Consequences

Applicable Platforms

Iscriviti alla newsletter