PT-2026-31028 · Botan · Botan

Ben Smyth · Published 2026-04-07 · Updated 2026-04-14 · CVE-2026-34582

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Botan versions prior to 3.11.1

Description

The TLS 1.3 implementation in Botan allowed processing of ApplicationData records before the Finished message was received. This could allow a client to bypass server-enforced client authentication via certificates by omitting the Certificate, CertificateVerify, and Finished messages and instead sending application data records.

Recommendations

Update to version 3.11.1 or later.
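
The ordering rule that the description says was not enforced, shown as an added example: this is a constructed C++ model, not Botan's code or its fix. The names `ServerReceiveGate`, `Msg`, `State` and `delivered` are hypothetical, and the model assumes the client sends a non-empty certificate and leaves out signature checks and post-handshake messages.

```cpp
#include <vector>

// Constructed model, not Botan's code: server-side receive states after the
// server has sent its own Finished in a TLS 1.3 handshake.
enum class Msg { Certificate, CertificateVerify, Finished, ApplicationData };
enum class State { ExpectCertificate, ExpectCertificateVerify, ExpectFinished,
                   Established, Aborted };

class ServerReceiveGate {
public:
    explicit ServerReceiveGate(bool client_auth_required)
        : state_(client_auth_required ? State::ExpectCertificate
                                      : State::ExpectFinished) {}

    // Returns true only when the message is application data that may be
    // handed to the application. Any out-of-order message aborts the
    // connection (a real stack would send an unexpected_message alert).
    bool on_message(Msg m) {
        switch (state_) {
        case State::ExpectCertificate:
            return advance(m, Msg::Certificate, State::ExpectCertificateVerify);
        case State::ExpectCertificateVerify:
            return advance(m, Msg::CertificateVerify, State::ExpectFinished);
        case State::ExpectFinished:
            return advance(m, Msg::Finished, State::Established);
        case State::Established:
            if (m == Msg::ApplicationData) return true;
            state_ = State::Aborted;  // post-handshake messages are out of scope here
            return false;
        case State::Aborted:
            return false;
        }
        return false;
    }
    State state() const { return state_; }

private:
    bool advance(Msg got, Msg want, State next) {
        state_ = (got == want) ? next : State::Aborted;
        return false;  // handshake messages never yield application data
    }
    State state_;
};

// Number of application data records delivered for a whole client flight.
int delivered(bool client_auth_required, const std::vector<Msg>& flight) {
    ServerReceiveGate gate(client_auth_required);
    int n = 0;
    for (Msg m : flight) n += gate.on_message(m) ? 1 : 0;
    return n;
}
```

A regression test for a patched server can assert the same property: a flight that starts with application data delivers nothing and ends in the aborted state.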

Related Identifiers

CVE-2026-34582
OPENSUSE-SU-2026:20528-1

Affected Products

Botan