Vulnerability in Randombit Botan

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of th…

Vulnerability class: Improper Certificate Validation

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

Affected products

Randombit Botan — versions >= 3.11.0, < 3.11.1

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

https://github.com/randombit/botan/security/advisories/GHSA-v782-6fq4-q827 (x_refsource_CONFIRM)