EUVD-2026-19947
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the cert it was passed were actually the same certificate. In 3.11.0 an extension of path validation logic was made which assumed that certificate_known only returned true if the certificates were in fact identical. The impact is that if an end entity certificate is presented, and its DN (and subject key identifier, if set) match that of any trusted root, the end entity certificate is accepted immediately as if it itself were a trusted root. , This vulnerability is fixed in 3.11.1.
Analysis
Certificate validation bypass in Botan 3.11.0 allows unauthenticated remote attackers to impersonate trusted certificate authorities by presenting end-entity certificates with matching Distinguished Names and subject key identifiers. The flaw in Certificate_Store::certificate_known incorrectly accepts malicious certificates as trusted roots without verifying actual certificate identity, enabling complete TLS/PKI chain validation bypass. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all systems to identify applications and services running Botan 3.11.0 using dependency scanners and software inventory tools; immediately disable or isolate affected services if possible. Within 7 days: Upgrade all instances to Botan 3.11.1 or later; test compatibility in staging environments before production deployment. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today