Skip to main content

Botan EUVDEUVD-2026-19948

| CVE-2026-34582 HIGH
Improper Enforcement of Behavioral Workflow (CWE-841)
2026-04-07 GitHub_M
8.7
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Red Hat
9.1 HIGH
qualitative

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 17, 2026 - 20:37 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 06:02 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
3.11.1
EUVD ID Assigned
Apr 07, 2026 - 21:31 euvd
EUVD-2026-19948
Analysis Generated
Apr 07, 2026 - 21:31 vuln.today
CVE Published
Apr 07, 2026 - 21:13 nvd
HIGH 8.7

DescriptionCVE.org

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.

AnalysisAI

TLS 1.3 client authentication bypass in Botan cryptography library versions prior to 3.11.1 allows unauthenticated remote attackers to skip certificate validation by sending ApplicationData records before the Finished handshake message. Exploiting this vulnerability requires no authentication (PR:N), low attack complexity (AC:L), and no user interaction (UI:N), resulting in complete integrity compromise (VI:H) for TLS 1.3 servers relying on mutual authentication. CVSS 8.7 severity reflects the network-accessible attack surface and direct violation of cryptographic protocol invariants (CWE-841: Improper Enforcement of Behavioral Workflow). No public exploit identified at time of analysis, though the protocol-level flaw in a widely-used cryptographic library presents significant risk to certificate-based access control mechanisms.

Technical ContextAI

Botan (randombit/botan) is a C++ cryptography library providing TLS 1.3 implementation among other cryptographic primitives. The vulnerability stems from CWE-841 (Improper Enforcement of Behavioral Workflow), specifically a state machine flaw in the TLS 1.3 handshake validation logic. RFC 8446 mandates that in client-authenticated TLS 1.3 connections, the Certificate, CertificateVerify, and Finished messages must be received and validated before processing ApplicationData. The Botan implementation incorrectly accepted ApplicationData records prematurely, allowing clients to bypass the final authentication step. The Finished message contains a MAC over the entire handshake transcript including certificate verification data; processing application data before validating this MAC violates fundamental TLS security properties. This affects the cpe:2.3:a:randombit:botan product across all versions before 3.11.1 where TLS 1.3 server functionality with client authentication is enabled.

RemediationAI

Vendor-released patch: Upgrade to Botan version 3.11.1 or later, which corrects the TLS 1.3 state machine to properly enforce handshake message ordering and reject ApplicationData records received before validating the client's Finished message. The fix is confirmed in the vendor advisory at https://github.com/randombit/botan/security/advisories/GHSA-pxcj-9ppx-g86g. Organizations unable to immediately upgrade should consider temporary mitigations including disabling TLS 1.3 client authentication and reverting to TLS 1.2 with client certificates, or implementing additional application-layer authentication controls that do not rely solely on TLS client certificates. Review logs for anomalous connection patterns where application data was exchanged without complete handshake sequences, though detection may be challenging without protocol-level inspection.

More in Botan

View all
CVE-2016-2195 CRITICAL
9.8 May 13

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers t

CVE-2016-2196 CRITICAL
9.8 May 13

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cau

CVE-2017-2801 MEDIUM POC
6.5 May 24

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string compariso

CVE-2024-50383 MEDIUM POC
5.9 Oct 23

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/d

CVE-2024-50382 MEDIUM POC
5.9 Oct 23

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils

CVE-2021-40529 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery

CVE-2018-12435 MEDIUM POC
5.9 Jun 15

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of

CVE-2015-7826 CRITICAL
9.8 Apr 10

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers t

CVE-2016-6878 CRITICAL
9.8 Apr 10

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to

CVE-2016-9132 CRITICAL
9.8 Jan 30

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect l

CVE-2021-24115 CRITICAL
9.8 Feb 22

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, ba

CVE-2018-9127 CRITICAL
9.8 Apr 02

Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as v

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed

Share

EUVD-2026-19948 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy