CVE-2026-6450
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A vulnerability in the ParseCRL_Extensions function allows bypassing critical CRL extensions, enabling a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where the crafted CRL has a trusted signature during parsing.
Risk Assessment
The organization may accept an invalid CRL, leading to incorrect certificate authentication and potential security breaches in communication.
Recommendation
Update the software to a version where the ParseCRL_Extensions function is fixed. If no update is available, temporarily disable CRL support or implement additional CRL verification mechanisms.
Original NVD description (English source)
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.

