Cyber Resilience

CVE-2026-32877

High

Published: 30 March 2026

Published
30 March 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score 0.0028 19.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32877 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Botan Project Botan. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-32877 is a vulnerability in Botan, a C++ cryptography library, affecting versions from 2.3.0 up to but not including 3.11.0. The issue occurs during SM2 decryption, where the code responsible for verifying the authentication code value (C3) does not check if the encoded value matches the expected length before performing the comparison. This flaw enables an invalid ciphertext to trigger a heap over-read of up to 31 bytes, potentially leading to a crash or other undefined behavior. The vulnerability is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By supplying a specially crafted invalid ciphertext to an application using the affected Botan versions for SM2 decryption, the attacker can induce a heap over-read. This results in high availability impact through application crashes, low confidentiality impact from potential information disclosure via the over-read, and no integrity impact, though undefined behavior could lead to further consequences depending on the context.

The Botan project has addressed this issue in version 3.11.0, where the decryption code now properly validates the length of the C3 value prior to comparison. Security practitioners should upgrade to Botan 3.11.0 or later. Additional details are available in the project's security advisory at https://github.com/randombit/botan/security/advisories/GHSA-7jj6-4r42-w9h6.

EU & UK References

Vulnerability details

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value was of the expected length prior to comparison.…

more

An invalid ciphertext can cause a heap over-read of up to 31 bytes, resulting in a crash or potentially other undefined behavior. This issue has been patched in version 3.11.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated OOB read in SM2 decryption path directly enables exploitation of public-facing apps (T1190) and causes application crashes for DoS (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34582Same product: Botan Project Botan
CVE-2026-34580Same product: Botan Project Botan
CVE-2026-40890Shared CWE-125
CVE-2026-26264Shared CWE-125
CVE-2026-21863Shared CWE-125
CVE-2026-33598Shared CWE-125
CVE-2026-4750Shared CWE-125
CVE-2026-3622Shared CWE-125
CVE-2026-41503Shared CWE-125
CVE-2026-26008Shared CWE-125

Affected Assets

botan project
botan
2.3.0 — 3.11.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and patching of flaws such as the heap over-read vulnerability in Botan SM2 decryption triggered by invalid ciphertext lengths.

prevent

Enforces validation of input ciphertexts prior to SM2 decryption to block malformed C3 values that bypass length checks in vulnerable Botan versions.

prevent

Implements memory protection mechanisms like randomization and non-executable heaps to mitigate exploitation of the heap over-read during Botan SM2 decryption.

References