Is CVE-2026-32877 actively exploited?

CVE-2026-32877 has no public evidence of in-the-wild exploitation as of 2026-04-13.

What is the CVSS score for CVE-2026-32877?

CVE-2026-32877 has a CVSS score of 8.2 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H.

How do I patch CVE-2026-32877?

Patch guidance is available from botan project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-32877.

Which products are affected by CVE-2026-32877?

1 product: botan project botan.

Fix CVE-2026-32877 - HIGH botan project botan

Description

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: high
Weaknesses: CWE-125 · Out-of-bounds Read

Metadata

Primary Vendor: BOTAN_PROJECT
Published: 3/30/2026
Last Modified: 4/13/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-32877

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary