CVE-2026-34580

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.11.1

Description The Botan cryptography library contains a flaw in the Certificate Store::certificate known function. This function incorrectly identifies certificates, returning true if any certificate in the store has a matching Distinguished Name (DN) and Subject Key Identifier (SKI) with the provided certificate, without verifying if the certificates are identical. A subsequent extension of path validation logic incorrectly assumed that certificate known only returned true for identical certificates. This allows an end entity certificate to be accepted as a trusted root if its DN and SKI match those of a trusted root certificate.

Recommendations Update to version 3.11.1 or later.