What is CVE-2026-32883?

CVE-2026-32883 is a medium-severity vulnerability in Randombit Botan, classified under Improper Verification of Cryptographic Signature. CVSS score: 5.9/10. Published 2026-03-30.

How severe is CVE-2026-32883?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Randombit Botan

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response…

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Randombit Botan — versions >= 3.0.0, < 3.11.0

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

https://github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5x (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-32883?: CVE-2026-32883 is a medium-severity vulnerability in Randombit Botan, classified under Improper Verification of Cryptographic Signature. CVSS score: 5.9/10. Published 2026-03-30.
How severe is CVE-2026-32883?: Medium severity. CVSS v3 base score is 5.9 out of 10.