CVE-2026-34580 in botanthông tin

Tóm tắt

Bởi MITRE • 08/04/2026

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the cert it was passed were actually the same certificate. In 3.11.0 an extension of path validation logic was made which assumed that certificate_known only returned true if the certificates were in fact identical. The impact is that if an end entity certificate is presented, and its DN (and subject key identifier, if set) match that of any trusted root, the end entity certificate is accepted immediately as if it itself were a trusted root. , This vulnerability is fixed in 3.11.1.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

30/03/2026

Tiết lộ

08/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-355957

CPE

sẵn sàng

CWE

CWE-295 (Đã xác nhận)

CVSS

3.7 (VulDB)

EPSS

0.00009

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34580
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34580
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34580/

◂ Trước Tổng Quan Tiếp theo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!