CVE-2026-34582
Modified Modified - Updated After Analysis

TLS 1.3 Authentication Bypass in Botan Cryptography Library

Vulnerability report for CVE-2026-34582, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-07

Last updated on: 2026-06-30

Assigner: GitHub, Inc.

Description

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-07
Last Modified
2026-06-30
Generated
2026-07-06
AI Q&A
2026-04-08
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
botan_project botan From 3.0.0 (inc) to 3.11.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-166 The product receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing.
CWE-841 The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The vulnerability is fixed in Botan version 3.11.1. Immediate mitigation involves upgrading the Botan cryptography library to version 3.11.1 or later.

Executive Summary

This vulnerability exists in the Botan C++ cryptography library's TLS 1.3 implementation prior to version 3.11.1. It allows ApplicationData records to be processed before the Finished message is received during a TLS handshake.

Specifically, a server that enforces client authentication via certificates can be bypassed by a client that omits sending the Certificate, CertificateVerify, and Finished messages, and instead sends application data records directly.

This means the client can skip the authentication steps and still have its application data processed, which is a security flaw.

Impact Analysis

This vulnerability can allow an attacker to bypass client authentication on a server using Botan's TLS 1.3 implementation prior to version 3.11.1.

As a result, unauthorized clients could send application data without proving their identity, potentially leading to unauthorized access or data exposure.

This undermines the security guarantees of TLS client authentication and could compromise the confidentiality and integrity of communications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34582. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart