CRL Critical Extension Bypass in wolfSSL
CVE-2026-6450

CVSS score: 1 (Low)

Key Information:

Vendor: wolfSSL
Status: Vendor
CVE Published: 25 June 2026

What is CVE-2026-6450?

wolfSSL does not correctly enforce critical extensions on Certificate Revocation Lists (CRLs): a specially crafted CRL that carries a critical extension the library does not process is accepted instead of rejected. The issue affects only builds of wolfSSL with CRL support enabled, and only when the crafted CRL carries a valid trusted signature at the time it is parsed. An attacker able to supply such a CRL could use this bypass to have revoked certificates treated as valid, potentially leading to unauthorized access.
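
The behaviour a conforming CRL verifier needs at this point, as an added example that is not wolfSSL's own code: walk the DER crlExtensions SEQUENCE and reject the CRL whenever a critical extension is one the verifier does not process (RFC 5280 section 5.2). The set of processed extensions (cRLNumber, authorityKeyIdentifier), the private OID 1.2.3.4 in the sample and both byte samples are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Minimal DER TLV header reader: short-form and one-byte long-form lengths. */
static int tlv(const uint8_t *p, size_t n, uint8_t *tag, size_t *hdr, size_t *len) {
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80)                { *hdr = 2; *len = p[1]; }
    else if (p[1] == 0x81 && n > 2) { *hdr = 3; *len = p[2]; }
    else return 0;                  /* longer or indefinite lengths: not supported here */
    return *len <= n - *hdr;
}
/* Extensions this hypothetical verifier actually processes (assumed set). */
static const uint8_t OID_CRL_NUMBER[] = { 0x55, 0x1d, 0x14 };  /* 2.5.29.20 */
static const uint8_t OID_AKI[]        = { 0x55, 0x1d, 0x23 };  /* 2.5.29.35 */
static int processed(const uint8_t *oid, size_t n) {
    return n == 3 && (!memcmp(oid, OID_CRL_NUMBER, 3) || !memcmp(oid, OID_AKI, 3));
}
/* RFC 5280 s5.2: a CRL carrying a critical extension the verifier cannot process
 * MUST be rejected. Returns 1 if the crlExtensions SEQUENCE is acceptable, 0 if a
 * critical extension is unrecognized or the encoding is malformed. */
int crl_extensions_acceptable(const uint8_t *der, size_t n) {
    uint8_t tag; size_t hdr, len;
    if (!tlv(der, n, &tag, &hdr, &len) || tag != 0x30) return 0;
    const uint8_t *p = der + hdr, *end = p + len;
    while (p < end) {                             /* Extension ::= SEQUENCE */
        if (!tlv(p, (size_t)(end - p), &tag, &hdr, &len) || tag != 0x30) return 0;
        const uint8_t *q = p + hdr, *qend = q + len;
        p = qend;
        if (!tlv(q, (size_t)(qend - q), &tag, &hdr, &len) || tag != 0x06) return 0;
        const uint8_t *oid = q + hdr; size_t oidlen = len;   /* extnID */
        q += hdr + len;
        int critical = 0;                         /* BOOLEAN DEFAULT FALSE */
        if (q < qend && q[0] == 0x01) {
            if (!tlv(q, (size_t)(qend - q), &tag, &hdr, &len) || len != 1) return 0;
            critical = q[hdr] != 0;
            q += hdr + len;
        }
        if (!tlv(q, (size_t)(qend - q), &tag, &hdr, &len) || tag != 0x04) return 0;
        if (critical && !processed(oid, oidlen)) return 0;   /* reject unprocessed critical ext */
    }
    return 1;
}
/* Constructed samples. OK: cRLNumber=5, non-critical. BAD: the same extension
 * followed by private OID 1.2.3.4 flagged critical, which must be rejected. */
const uint8_t SAMPLE_OK[] = { 0x30, 0x0c,
    0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x03, 0x02, 0x01, 0x05 };
const uint8_t SAMPLE_BAD[] = { 0x30, 0x1a,
    0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x03, 0x02, 0x01, 0x05,
    0x30, 0x0c, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x01, 0x01, 0xff, 0x04, 0x02, 0x05, 0x00 };
```

A truncated buffer is treated as malformed and rejected as well, so a verifier built this way fails closed on both bad encodings and unknown critical extensions.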

Affected Version(s)

wolfSSL 4.3.0 through 5.9.1 (inclusive)

CVSS V4

Score: 1
Severity: Low
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published
  • Vulnerability reserved

Credit

Oleh Konko (@1seal)