CVE-2026-32884
Received Received - Intake

Case-Sensitive CN Bypass in Botan X.509 Name Constraints

Vulnerability report for CVE-2026-32884, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-30

Last updated on: 2026-04-13

Assigner: GitHub, Inc.

Description

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by the DNS name constraints, even though this check is technically not required by RFC 5280. However this check failed to account for the possibility of a mixed-case CN. Thus a certificate with CN=Sub.EVIL.COM and no subject alternative name would bypasses an excludedSubtrees constraint for evil.com because the comparison is case-sensitive. This issue has been patched in version 3.11.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-30
Last Modified
2026-04-13
Generated
2026-07-06
AI Q&A
2026-03-31
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
botan_project botan to 3.11.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Botan C++ cryptography library prior to version 3.11.0. When processing an X.509 certificate path with name constraints that restrict allowable DNS names, Botan checked the Common Name (CN) in the end-entity certificate if no subject alternative name was defined. However, this check was case-sensitive and did not properly handle mixed-case CN values. As a result, a certificate with a CN like "Sub.EVIL.COM" could bypass DNS name constraints that were meant to exclude domains such as "evil.com".

Impact Analysis

This vulnerability can allow an attacker to bypass DNS name constraints in certificate validation by using mixed-case characters in the CN field of a certificate. This means that a certificate that should have been rejected due to domain restrictions might be accepted, potentially allowing unauthorized or malicious certificates to be trusted. This can lead to man-in-the-middle attacks or other security breaches where an attacker impersonates a trusted entity.

Mitigation Strategies

To mitigate this vulnerability, upgrade the Botan cryptography library to version 3.11.0 or later, where the issue has been patched.

Detection Guidance

This vulnerability affects Botan versions prior to 3.11.0 when processing X.509 certificates with name constraints and no subject alternative name. To detect if your system is vulnerable, you need to determine if Botan is used and its version is older than 3.11.0.

You can check the Botan library version installed on your system by running commands such as:

  • For Linux systems, use: `dpkg -l | grep botan` or `rpm -qa | grep botan`
  • If Botan is built from source or included in an application, check the application documentation or use: `strings /path/to/library | grep Botan` to find version information.

Additionally, to detect certificates that might exploit this vulnerability, you can inspect certificates for a common name (CN) with mixed case that bypasses DNS name constraints, but this requires custom scripting and detailed certificate analysis.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32884. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart