What is the CVSS score of CVE-2026-32883?

CVE-2026-32883 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-32883?

Yes, a patch is available for CVE-2026-32883. Update the affected software to the latest version immediately.

Jwt Attack CVE-2026-32883

EUVD-2026-17211 MEDIUM

Improper Verification of Cryptographic Signature (CWE-347)

2026-03-30 GitHub_M

Information Disclosure Red Hat Jwt Attack

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

3.11.0

EUVD ID Assigned

Mar 30, 2026 - 21:00 euvd

EUVD-2026-17211

Analysis Generated

Mar 30, 2026 - 21:00 vuln.today

CVE Published

Mar 30, 2026 - 20:36 nvd

MEDIUM 5.9

DescriptionNVD

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.

AnalysisAI

Botan cryptography library versions 3.0.0 through 3.10.x fail to verify OCSP response signatures during X.509 certificate path validation, allowing attackers to forge certificate status responses and potentially bypass revocation checks. This integrity bypass affects any application using Botan for TLS or certificate validation and requires network positioning but not authentication. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory