CVE-2026-6450
Status: Received - Intake
CRL Critical Extension Bypass in wolfSSL

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: wolfSSL Inc.

Description
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed.
CVSS Scores
None listed.
EPSS Scores
Not yet evaluated (N/A).
Affected Vendors & Products
Vendor: wolfssl
Product: parsecrl_extensions (the CPE product field carries the name of the affected function; the affected software is wolfSSL)
Version / Range: * (no fixed version is listed)
CWE
CWE-295 (Improper Certificate Validation): The product does not validate, or incorrectly validates, a certificate.
Executive Summary

This vulnerability is a CRL (Certificate Revocation List) critical extension bypass in wolfSSL's ParseCRL_Extensions function. RFC 5280 section 5.2 requires that a relying party which cannot process a critical CRL extension must not use that CRL to determine certificate status; the affected code instead skips extensions it does not handle without honouring the critical flag, so a specially crafted CRL carrying an unhandled critical extension is accepted as valid. The issue only affects builds with CRL support enabled, and only when the crafted CRL carries a signature the library already trusts at the time it is parsed.

Impact Analysis

An attacker who can get the library to process a trusted-signed CRL containing an unhandled critical extension can have that CRL accepted with the extension's meaning silently ignored. Critical CRL extensions are precisely the ones that change how the list must be interpreted, so ignoring one can lead the library to a wrong revocation answer and to treating a revoked certificate as valid, undermining any system that relies on CRL checks. The precondition matters in practice: the CRL must carry a signature the verifier already trusts, so exploitation requires either the signing key of a trusted CRL issuer or a trusted issuer that itself publishes CRLs with extensions wolfSSL does not handle. Builds without CRL support (wolfSSL's --enable-crl configure option, which defines HAVE_CRL) are not affected.
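The decision the advisory describes, shown in code. The block below is an added illustration written for this page; it is not wolfSSL's ParseCRL_Extensions or any code from the wolfSSL project. It is a toy DER parser for the X.509 Extensions structure (SEQUENCE OF { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }) that runs the same input through two policies: one that skips unhandled extensions regardless of the critical flag (the behaviour the description attributes to the vulnerable code) and one that applies the RFC 5280 rule and rejects the CRL when an unhandled extension is critical. Assumptions: the "handled" set (cRLNumber and authorityKeyIdentifier) is illustrative, the three DER byte strings are constructed for the demo and are not from any real CRL, and the unknown extension OID 1.3.6.1.4.1.99999.1 is a hypothetical private-arc identifier.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASN.1 DER tags used inside X.509 Extensions */
#define TAG_SEQUENCE 0x30
#define TAG_OID      0x06
#define TAG_BOOLEAN  0x01
#define TAG_OCTETSTR 0x04

/* Extensions this toy parser "handles" (OID content bytes). Illustrative set. */
static const uint8_t OID_CRL_NUMBER[] = { 0x55, 0x1d, 0x14 }; /* 2.5.29.20 cRLNumber */
static const uint8_t OID_AKID[]       = { 0x55, 0x1d, 0x23 }; /* 2.5.29.35 authorityKeyIdentifier */

/* Read one TLV header: check the tag, decode a short or one-byte long-form
 * length, and verify the value fits in the remaining buffer. */
static int read_tlv(const uint8_t *p, size_t avail, uint8_t tag, size_t *hdr, size_t *len)
{
    if (avail < 2 || p[0] != tag) return -1;
    if (p[1] < 0x80)       { *hdr = 2; *len = p[1]; }
    else if (p[1] == 0x81) { if (avail < 3) return -1; *hdr = 3; *len = p[2]; }
    else return -1;                                   /* longer lengths not needed here */
    return (*hdr + *len <= avail) ? 0 : -1;
}

static int oid_is_handled(const uint8_t *oid, size_t n)
{
    return (n == sizeof OID_CRL_NUMBER && memcmp(oid, OID_CRL_NUMBER, n) == 0)
        || (n == sizeof OID_AKID       && memcmp(oid, OID_AKID, n) == 0);
}

/* Parse Extensions ::= SEQUENCE OF Extension.
 * enforce_critical = 0 mimics the bug: an unhandled extension is skipped no
 *   matter what its critical flag says.
 * enforce_critical = 1 applies RFC 5280 s.5.2: an unhandled *critical*
 *   extension makes the whole CRL unusable, so the parse fails.
 * Returns the number of extensions accepted, or -1 on rejection / malformed DER. */
int parse_crl_extensions(const uint8_t *buf, size_t buflen, int enforce_critical)
{
    size_t hdr, len, off, count = 0;
    if (read_tlv(buf, buflen, TAG_SEQUENCE, &hdr, &len) != 0) return -1;
    for (off = hdr; off < hdr + len; ) {
        size_t ehdr, elen, ohdr, olen, vhdr, vlen, pos;
        const uint8_t *e;
        int critical = 0;

        if (read_tlv(buf + off, hdr + len - off, TAG_SEQUENCE, &ehdr, &elen) != 0) return -1;
        e = buf + off + ehdr;                         /* body of this Extension */

        if (read_tlv(e, elen, TAG_OID, &ohdr, &olen) != 0) return -1;
        pos = ohdr + olen;

        if (pos < elen && e[pos] == TAG_BOOLEAN) {    /* optional critical flag */
            size_t bhdr, blen;
            if (read_tlv(e + pos, elen - pos, TAG_BOOLEAN, &bhdr, &blen) != 0 || blen != 1) return -1;
            critical = (e[pos + bhdr] != 0);
            pos += bhdr + blen;
        }

        if (read_tlv(e + pos, elen - pos, TAG_OCTETSTR, &vhdr, &vlen) != 0) return -1;
        pos += vhdr + vlen;
        if (pos != elen) return -1;                   /* trailing bytes inside Extension */

        if (!oid_is_handled(e + ohdr, olen)) {
            /* The decision the advisory is about: unknown AND critical must reject. */
            if (critical && enforce_critical) return -1;
            /* vulnerable path: fall through and silently ignore the extension */
        }
        count++;
        off += ehdr + elen;
    }
    return (int)count;
}

/* Constructed sample DER (not from a real CRL). The unknown OID 1.3.6.1.4.1.99999.1
 * is hypothetical. Each set starts with a non-critical cRLNumber = 5. */
const uint8_t CRL_EXTS_BENIGN[] = {
    0x30, 0x0c,
      0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x03, 0x02, 0x01, 0x05 };
const uint8_t CRL_EXTS_CRAFTED[] = {                  /* + unknown ext, critical TRUE */
    0x30, 0x1f,
      0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x03, 0x02, 0x01, 0x05,
      0x30, 0x11, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x86, 0x8d, 0x1f, 0x01,
                  0x01, 0x01, 0xff, 0x04, 0x01, 0x00 };
const uint8_t CRL_EXTS_UNKNOWN_NONCRIT[] = {          /* + unknown ext, no critical flag */
    0x30, 0x1c,
      0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x03, 0x02, 0x01, 0x05,
      0x30, 0x0e, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x86, 0x8d, 0x1f, 0x01,
                  0x04, 0x01, 0x00 };

int check_benign(int enforce)  { return parse_crl_extensions(CRL_EXTS_BENIGN, sizeof CRL_EXTS_BENIGN, enforce); }
int check_crafted(int enforce) { return parse_crl_extensions(CRL_EXTS_CRAFTED, sizeof CRL_EXTS_CRAFTED, enforce); }
int check_noncrit(int enforce) { return parse_crl_extensions(CRL_EXTS_UNKNOWN_NONCRIT, sizeof CRL_EXTS_UNKNOWN_NONCRIT, enforce); }

int main(void)
{
    printf("benign   vulnerable=%d hardened=%d\n", check_benign(0),  check_benign(1));
    printf("crafted  vulnerable=%d hardened=%d\n", check_crafted(0), check_crafted(1));
    printf("noncrit  vulnerable=%d hardened=%d\n", check_noncrit(0), check_noncrit(1));
    return 0;
}
```

Only the crafted input separates the two policies: the vulnerable policy counts both of its extensions and would go on to use the CRL, the hardened one returns -1 before any revocation decision can be made from it. An unknown extension without the critical flag is accepted under both policies, which is the correct RFC 5280 behaviour. Note that this demo starts after the point where the advisory's precondition applies: in a real verifier the CRL signature has already been checked and found trusted, which is why the critical-extension check is the last line of defence here.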
