#VU125382 Improper Certificate Validation in Botan - CVE-2026-32884


Published: April 8, 2026


Vulnerability identifier: #VU125382
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-32884
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Botan
Software vendor: Randombit

Description

The vulnerability allows a remote attacker to bypass DNS name constraints enforcement.

The vulnerability exists due to improper certificate validation in X.509 certificate path processing when validating a certificate chain with DNS excludedSubtrees constraints and an end-entity certificate that has a mixed-case CN and no subject alternative name. A remote attacker can present a specially crafted certificate to bypass DNS name constraints enforcement.

This issue is relevant when nameConstraints are used to restrict allowable DNS names.
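The following is an added reference check for DNS name constraints, written for this advisory and not taken from Botan or its test suite. It applies RFC 5280 section 4.2.1.10 matching (a constraint of `example.com` covers the name itself and every host under it; a leading `.` covers subdomains only) to the SAN dNSName entries, falling back to the CN only when no SAN is present, which is the certificate shape the advisory describes. The advisory does not state the root cause; the example assumes the failure class a mixed-case CN would exercise is a comparison that does not fold case, and it contrasts such a comparison with the case-folded one so a reviewer can see why the folded form is the correct check. All certificates and constraints below are constructed sample data.

```python
"""Reference DNS name-constraint evaluation for X.509 path validation (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional


def _norm(name: str) -> str:
    # DNS labels are case-insensitive (RFC 4343): fold before any comparison
    # and drop a trailing dot so "Mail.Example.COM." and "mail.example.com" agree.
    return name.strip().rstrip(".").lower()


def dns_name_matches_constraint(name: str, constraint: str) -> bool:
    """RFC 5280 4.2.1.10: 'example.com' matches itself and any host under it;
    '.example.com' matches only hosts strictly below it."""
    n, c = _norm(name), _norm(constraint)
    if c.startswith("."):
        return n.endswith(c) and len(n) > len(c)
    return n == c or n.endswith("." + c)


def case_sensitive_matches(name: str, constraint: str) -> bool:
    """Illustrative defective comparison (assumption, not Botan's code): identical
    to the function above except that it never folds case."""
    n, c = name.rstrip("."), constraint.rstrip(".")
    if c.startswith("."):
        return n.endswith(c) and len(n) > len(c)
    return n == c or n.endswith("." + c)


@dataclass
class NameConstraints:
    permitted_dns: List[str] = field(default_factory=list)
    excluded_dns: List[str] = field(default_factory=list)


@dataclass
class EndEntity:
    common_name: Optional[str]
    san_dns: List[str] = field(default_factory=list)


def names_to_check(cert: EndEntity) -> List[str]:
    # Prefer SAN dNSName entries; fall back to the CN only when no SAN exists,
    # which is the certificate shape the advisory describes.
    if cert.san_dns:
        return list(cert.san_dns)
    return [cert.common_name] if cert.common_name else []


def violations(cert: EndEntity, nc: NameConstraints) -> List[str]:
    """Return a human-readable list of constraint violations; empty means the
    end entity satisfies every DNS constraint accumulated along the chain."""
    problems: List[str] = []
    for name in names_to_check(cert):
        for ex in nc.excluded_dns:
            if dns_name_matches_constraint(name, ex):
                problems.append(f"{name!r} falls within excludedSubtree {ex!r}")
        if nc.permitted_dns and not any(
            dns_name_matches_constraint(name, p) for p in nc.permitted_dns
        ):
            problems.append(f"{name!r} is outside all permittedSubtrees")
    return problems


def chain_accepts(cert: EndEntity, nc: NameConstraints) -> bool:
    return not violations(cert, nc)


if __name__ == "__main__":
    # Constructed sample: CA excludes example.com, leaf has a mixed-case CN and no SAN.
    nc = NameConstraints(excluded_dns=["example.com"])
    leaf = EndEntity(common_name="Mail.Example.COM")
    print("folded check rejects:", not chain_accepts(leaf, nc))
    print("unfolded comparison notices:",
          case_sensitive_matches(leaf.common_name, "example.com"))
```

Running the block shows the folded check rejecting the leaf while the unfolded comparison fails to relate the mixed-case CN to the excluded subtree; the practical mitigation, beyond applying the vendor update, is to confirm that whatever validator you rely on folds case before evaluating nameConstraints and that it evaluates the CN fallback under the same rules as SAN entries.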


Remediation

Install the security update from the vendor's website.

External links