What is CVE-2026-32877?

CVE-2026-32877 is a high-severity vulnerability in Randombit Botan, classified under Out-of-bounds Read. CVSS score: 8.2/10. Published 2026-03-30.

How severe is CVE-2026-32877?

High severity. CVSS v3 base score is 8.2 out of 10.

Out-of-bounds Read in Randombit Botan

CVE-2026-32877

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to co…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (20.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H.

Affected products

Randombit Botan — versions >= 2.3.0, < 3.11.0

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

https://github.com/randombit/botan/security/advisories/GHSA-7jj6-4r42-w9h6 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-32877?: CVE-2026-32877 is a high-severity vulnerability in Randombit Botan, classified under Out-of-bounds Read. CVSS score: 8.2/10. Published 2026-03-30.
How severe is CVE-2026-32877?: High severity. CVSS v3 base score is 8.2 out of 10.