CVE Catalog

CVE-2026-6450

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

A vulnerability in the ParseCRL_Extensions function allows bypassing critical CRL extensions, enabling a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where the crafted CRL has a trusted signature during parsing.

Risk Assessment

The organization may accept an invalid CRL, leading to incorrect certificate authentication and potential security breaches in communication.

Recommendation

Update the software to a version where the ParseCRL_Extensions function is fixed. If no update is available, temporarily disable CRL support or implement additional CRL verification mechanisms.

Original NVD description (English source)

A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS