CVE-2026-32884: CWE-295: Improper Certificate Validation in randombit botan
CVE-2026-32884 is a medium-severity vulnerability in the Botan C++ cryptography library prior to version 3.11.0. It involves improper certificate validation related to X.509 name constraints: for certificates lacking Subject Alternative Names (SAN), the Common Name (CN) was compared against DNS name constraints case-sensitively. As a result, Botan incorrectly allowed certificates with mixed-case CNs to bypass DNS name constraints, potentially permitting unauthorized certificates to be accepted. This flaw could lead to integrity violations by accepting malicious certificates that should have been rejected. The issue has been fixed in Botan 3.11.0.
AI Analysis
Technical Summary
Botan is a widely used C++ cryptography library that, among other functions, performs X.509 certificate path validation. Prior to version 3.11.0, Botan enforced DNS name constraints on certificates that lacked a Subject Alternative Name (SAN) extension by checking the Common Name (CN) field against the DNS name constraints. According to RFC 5280, the CN should not be used for name validation when SANs are present, and Botan performed this CN check only when the SAN was absent. The vulnerability arises because Botan compared the CN against the DNS name constraints case-sensitively, without normalizing case or performing a case-insensitive comparison. Because DNS names are case-insensitive, a certificate with a mixed-case CN such as "Sub.EVIL.COM" could bypass an excludedSubtrees constraint that should have blocked "evil.com" and its subdomains. This improper certificate validation (CWE-295) could allow an attacker to present a malicious certificate that Botan's validation logic accepts as valid, undermining the integrity of TLS or other cryptographic protocols that rely on Botan. The vulnerability is tracked as CVE-2026-32884 and has a CVSS 3.1 base score of 5.9 (medium severity), reflecting an impact on integrity with no effect on confidentiality or availability. It was patched in Botan 3.11.0 by making the CN comparison case-insensitive so that DNS name constraints are enforced as RFC 5280 requires.
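To make the defect concrete, the following is an added illustration written for this page, not Botan's own code: a minimal dNSName excludedSubtrees check in both forms, the pre-3.11.0 case-sensitive comparison that lets a CN of "Sub.EVIL.COM" slip past an "evil.com" exclusion, and the case-normalized comparison that rejects it. The subtree semantics follow RFC 5280 section 4.2.1.10; the function names and the scenario are constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// ASCII lower-casing for DNS names: DNS labels are case-insensitive (RFC 4343),
// so a constraint check must normalize before comparing.
std::string ascii_lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// RFC 5280 4.2.1.10 dNSName subtree test: `name` satisfies the subtree
// "host.example.com" if it equals it or is formed by prepending labels
// ("www.host.example.com" matches, "host1.example.com" does not).
// `case_insensitive` = false models the pre-fix behaviour, true the fixed one.
bool dns_name_in_subtree(const std::string& name, const std::string& subtree,
                         bool case_insensitive) {
    const std::string n = case_insensitive ? ascii_lower(name) : name;
    const std::string s = case_insensitive ? ascii_lower(subtree) : subtree;
    if (n == s) return true;
    const std::string suffix = "." + s;
    return n.size() > suffix.size() &&
           n.compare(n.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Path-validation step for a leaf certificate with no SAN, where the CN is the
// only DNS identity: reject if the CN falls inside any excludedSubtrees entry.
// Returns true when the CN is acceptable under the constraints.
bool cn_passes_excluded_subtrees(const std::string& cn,
                                 const std::vector<std::string>& excluded,
                                 bool case_insensitive) {
    for (const std::string& ex : excluded) {
        if (dns_name_in_subtree(cn, ex, case_insensitive)) return false;
    }
    return true;
}

// Constructed scenario from the advisory: a CA whose excludedSubtrees lists
// "evil.com", and a leaf certificate (no SAN) with CN "Sub.EVIL.COM".
bool constructed_scenario_accepted(bool case_insensitive) {
    const std::vector<std::string> excluded = {"evil.com"};
    return cn_passes_excluded_subtrees("Sub.EVIL.COM", excluded, case_insensitive);
}

int main() {
    // Pre-fix (case-sensitive): leaf wrongly accepted; post-fix: rejected.
    return (constructed_scenario_accepted(false) && !constructed_scenario_accepted(true)) ? 0 : 1;
}
```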
Potential Impact
This vulnerability affects any application or system that uses Botan versions prior to 3.11.0 for X.509 certificate validation, especially where name constraints are enforced to restrict the DNS names acceptable in certificates. The improper validation could allow attackers to bypass domain restrictions by exploiting case sensitivity in CN fields, potentially enabling man-in-the-middle (MITM) attacks, unauthorized access, or impersonation of trusted entities. Although the vulnerability does not directly affect confidentiality or availability, the integrity compromise can undermine trust in secure communications, digital signatures, and authentication mechanisms that rely on Botan. Organizations using Botan in security-sensitive applications such as VPNs, secure messaging, embedded devices, or TLS stacks may be at risk. The absence of known exploits in the wild suggests limited current exploitation, but the vulnerability remains a significant risk if left unpatched, especially in environments that depend on strict DNS name constraints.
Mitigation Recommendations
The primary mitigation is to upgrade Botan to version 3.11.0 or later, where the certificate validation logic has been corrected to compare CN fields against DNS name constraints case-insensitively. For organizations unable to upgrade immediately, a temporary mitigation is to add certificate validation checks outside Botan, either matching the CN against name constraints case-insensitively or requiring the presence of a SAN extension in certificates. Developers should audit their use of Botan for certificate validation and avoid relying solely on CN fields when SANs are absent, in line with RFC 5280 best practices. Monitoring for suspicious certificates with mixed-case CNs that could exploit this flaw is also advisable. Security teams should review their cryptographic libraries and dependencies to confirm Botan versions and patch status, and consider compensating controls such as certificate pinning or enhanced validation in client applications.
Affected Countries
United States, Germany, Japan, United Kingdom, France, Canada, South Korea, Australia, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-16T21:03:44.421Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69cae2bce6bfc5ba1d6c3e48
Added to database: 3/30/2026, 8:53:16 PM
Last enriched: 3/30/2026, 9:09:29 PM
Last updated: 3/30/2026, 9:54:50 PM