The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a     misleading name; it would return true if any certificate in the store had a DN (and subject key     identifier, if set) matching that of the argument. It did not check that the cert it found and the cert it     was passed were actually the same certificate. In 3.11.0 an extension of path validation logic was made     which assumed that certificate_known only returned true if the certificates were in fact identical. The     impact is that if an end entity certificate is presented, and its DN (and subject key identifier, if set)     match that of any trusted root, the end entity certificate is accepted immediately as if it itself were a     trusted root. , This vulnerability is fixed in 3.11.1. (CVE-2026-34580)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2026-34580

critical Nessus Plugin ID 305569

Version 1.4