VDB
CVE-2026-32883
CVE-2026-32883
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.
EPSS 0.01% · 1.0th percentile
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.01%
1.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| randombit | botan | >= 3.0.0, < 3.11.0, >= 3.0.0, < 3.11.0 |
| botan_project | botan | 3.0.0 |
Timeline
- Mar 30, 2026 CVE Published
- Apr 2, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score