Back to search
CVE-2026-34582
Published: Apr 7, 2026
Modified: Apr 8, 2026
PUBLISHED
Description
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.
| Vendor | Product | Versions |
|---|---|---|
randombit | botan | affected < 3.11.1 |
Weaknesses (CWE)
References
https://github.com/randombit/botan/security/advisories/GHSA-pxcj-9ppx-g86g
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now