CVE-2026-32883
Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
5th
Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.
| CWE | CWE-347 |
| Vendor | randombit |
| Product | botan |
| Published | Mar 30, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for randombit botan
Be the first to know when new medium vulnerabilities affecting randombit botan are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Affected Versions
randombit / botan
>= 3.0.0, < 3.11.0