CVE-2026-34582
highCVSS v3 Base Score
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 90% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Botan, a C++ cryptography library. The TLS 1.3 implementation in Botan allows application data to be processed before the TLS handshake is fully completed. A remote attacker can exploit this by omitting critical client authentication messages, such as the Certificate, CertificateVerify, and Finished messages, and instead sending application data. This vulnerability enables a client to bypass server-enforced client authentication, potentially leading to unauthorized access.
CWE
CWE-166Affected Products
Red Hat Enterprise Linux 10