CVE-2026-34582
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed pri
CVSS
9.1
Crítico
EPSS
0.2%
p14
KEV
—
Exploit Today
4
0-100
Publicado: 7 abr 2026 · Última mod.: 15 jul 2026 · CWE-841 · CWE-166
0.2%EPSS · 30 días0.2%
2026-06-302026-07-18
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.
- github.comhttps://github.com/randombit/botan/security/advisories/GHSA-pxcj-9ppx-g86g
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-34582
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2456285
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34582.json
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2024-463077.5 ALT36.9%
——11A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.14dCVE-2026-422467.4 ALT24.6%
——7Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.4dCVE-2025-363334.3 MED20.3%
——6IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.12d