CVE-2026-32883

Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass

Description

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.

INFO

Published Date :

2026-03-30T20:36:30.579Z

Last Modified :

2026-03-30T20:36:30.579Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-32883 vulnerability.

Vendors	Products
Randombit	Botan

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32883.

URL	Resource
https://github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5x

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact