{
  "threat_severity" : "Important",
  "public_date" : "2026-04-07T21:12:09Z",
  "bugzilla" : {
    "description" : "Botan: Certificate validation bypass due to incorrect certificate matching",
    "id" : "2456288",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2456288"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-295",
  "details" : [ "Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the cert it was passed were actually the same certificate. In 3.11.0 an extension of path validation logic was made which assumed that certificate_known only returned true if the certificates were in fact identical. The impact is that if an end entity certificate is presented, and its DN (and subject key identifier, if set) match that of any trusted root, the end entity certificate is accepted immediately as if it itself were a trusted root. This vulnerability is fixed in 3.11.1.", "A flaw was found in Botan, a C++ cryptography library. Due to a misleading function name and an assumption in path validation logic, an end entity certificate could be incorrectly accepted as a trusted root. This occurs when the end entity certificate's Distinguished Name (DN) and Subject Key Identifier (SKI) match those of any trusted root certificate in the store, even if the certificates are not identical. This vulnerability allows for a bypass of certificate validation, potentially enabling an attacker to present a malicious certificate that is trusted by the system." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Will not fix",
    "package_name" : "rust-sequoia-sq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Will not fix",
    "package_name" : "rust-sequoia-sqv",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-34580\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34580\nhttps://github.com/randombit/botan/security/advisories/GHSA-v782-6fq4-q827" ],
  "name" : "CVE-2026-34580",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}