HIGHCVE-2026-32877CVSS 8.2

CVE-2026-32877: Botan SM2 Decryption Heap Over-Read Vulnerability

Q: What is CVE-2026-32877 in Botan?

Versions of Botan from 2.3.0 up to, but not including, 3.11.0 are affected by this vulnerability.

Q: Am I affected by CVE-2026-32877 in Botan?

You can check your Botan version by consulting your project's documentation or using dependency management tools.

Q: How do I fix CVE-2026-32877 in Botan?

If you cannot update immediately, consider implementing additional mitigation measures, such as input validation and limiting the library's exposure.

Q: Is CVE-2026-32877 being actively exploited?

Some static and dynamic security analysis tools may be able to detect this vulnerability. Consult your security tool documentation for more information.

Q: Where can I find the official Botan advisory for CVE-2026-32877?

SM2 is a public-key cryptography algorithm developed in China, used for digital signatures and encryption.

Platform

cpp

Component

botan

Fixed in

2.3.1

AI Confidence: highNVDEPSS 0.1%Reviewed: Mar 2026

View on NVD

Save

CVE-2026-32877 describes a heap over-read vulnerability in the Botan cryptography library. Specifically, during SM2 decryption, the code failed to properly validate the length of the authentication code, potentially leading to a heap over-read and a crash or undefined behavior. This vulnerability affects Botan versions 2.3.0 up to, but not including, version 3.11.0. The issue has been addressed and patched in Botan version 3.11.0.

Impact and Attack Scenarios

CVE-2026-32877 affects the Botan cryptography library in versions from 2.3.0 up to, but not including, 3.11.0. During SM2 decryption, the code responsible for checking the authentication code value (C3) fails to validate the expected length of the encoded value before performing the comparison. A malicious ciphertext can trigger a heap over-read of up to 31 bytes, potentially leading to a crash or other undefined behavior. This vulnerability could allow an attacker to gain sensitive information or execute arbitrary code.

Exploitation Context

Exploitation of this vulnerability requires an attacker to control the SM2 ciphertext being processed. A specially crafted ciphertext can be designed to trigger the heap over-read during the decryption process. The difficulty of exploitation depends on the attacker's ability to influence the ciphertext and the sensitivity of the data being protected. While no public exploits have been reported, the severity of the vulnerability warrants immediate attention and remediation.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

Reports2 threat reports

EPSS

0.05% (17% percentile)

CISA SSVC

Exploitationnone

Automatableyes

Technical Impactpartial

CVSS Vector

Affected Software

Componentbotan

Vendorrandombit

Affected rangeFixed in

>= 2.3.0, < 3.11.0 – >= 2.3.0, < 3.11.02.3.1

Weakness Classification (CWE)

CWE-125

Timeline

Reserved2026-03-16
Published2026-03-30
Modified2026-03-31
EPSS updated2026-04-07

Mitigation and Workarounds

The recommended mitigation for this vulnerability is to upgrade Botan to version 3.11.0 or later. This version includes a fix that correctly validates the encoded value's length before comparison, preventing the heap over-read. Users are strongly advised to apply this update as soon as possible to reduce the risk of exploitation. Additionally, review application dependencies to ensure all libraries are updated and protected against known vulnerabilities. Consider implementing input validation and other defensive coding practices.

How to fix

Actualice la biblioteca Botan a la versión 3.11.0 o superior. Esto corregirá la vulnerabilidad de lectura fuera de límites en el proceso de descifrado SM2. La actualización asegura que la longitud del valor del código de autenticación (C3) se verifique correctamente antes de la comparación, evitando así la posible sobrelectura del heap.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-32877 in Botan?

Versions of Botan from 2.3.0 up to, but not including, 3.11.0 are affected by this vulnerability.

Am I affected by CVE-2026-32877 in Botan?

You can check your Botan version by consulting your project's documentation or using dependency management tools.

How do I fix CVE-2026-32877 in Botan?

If you cannot update immediately, consider implementing additional mitigation measures, such as input validation and limiting the library's exposure.

Is CVE-2026-32877 being actively exploited?

Some static and dynamic security analysis tools may be able to detect this vulnerability. Consult your security tool documentation for more information.

Where can I find the official Botan advisory for CVE-2026-32877?

SM2 is a public-key cryptography algorithm developed in China, used for digital signatures and encryption.

NextGuard

Vulnerabilities

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free

Search CVEs

What do these metrics mean?

Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: None — unauthenticated. No login or credentials needed to exploit.
User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: Low — partial or indirect data access. Attacker gains limited information.
Integrity: None — no integrity impact. Attacker cannot modify data.
Availability: High — complete crash or resource exhaustion. Full denial of service.