Improper Certificate Validation in wolfSSL - CVE-2026-6450
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass CRL critical extension enforcement.
The vulnerability exists due to improper certificate validation in ParseCRL_Extensions when parsing CRLs with unhandled critical extensions. A remote attacker can supply a crafted CRL with an unhandled critical extension to bypass CRL critical extension enforcement.
Only builds with CRL support enabled are affected, and the crafted CRL must have a trusted signature when parsed.
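The enforcement that the description says is bypassed follows RFC 5280 section 5.2: a CRL carrying a critical extension the application cannot process must not be used. The C sketch below is an added example, not wolfSSL's code and not taken from the advisory. It walks a DER-encoded CRL extension list and fails closed on any unhandled critical extension. The function names, the two-entry handled list and both sample byte strings are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Assumption: the application processes only these two CRL extensions. */
static const uint8_t HANDLED[][3] = {
    {0x55, 0x1d, 0x23},                 /* 2.5.29.35 authorityKeyIdentifier */
    {0x55, 0x1d, 0x14},                 /* 2.5.29.20 cRLNumber */
};
/* Constructed samples: non-critical cRLNumber; placeholder OID 1.2.3.4 marked critical. */
const uint8_t EXTS_OK[]  = {0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x14,0x04,0x03,0x02,0x01,0x01};
const uint8_t EXTS_BAD[] = {0x30,0x0e,0x30,0x0c,0x06,0x03,0x2a,0x03,0x04,0x01,0x01,0xff,0x04,0x02,0x05,0x00};

/* Read a DER header with the expected tag; on success *p points at the value. */
static int der_tlv(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len) {
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                     /* long form: 1 or 2 length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; q++) n = (n << 8) | *q;
    }
    if ((size_t)(end - q) < n) return -1;
    *p = q; *len = n;
    return 0;
}

/* 1: CRL usable; 0: unhandled critical extension, reject the CRL; -1: malformed. */
int crl_extensions_usable(const uint8_t *der, size_t der_len) {
    const uint8_t *p = der, *end = der + der_len;
    size_t len, ext_len, oid_len, val_len;
    if (der_tlv(&p, end, 0x30, &len) || p + len != end) return -1;
    while (p < end) {
        if (der_tlv(&p, end, 0x30, &ext_len)) return -1;
        const uint8_t *ext_end = p + ext_len;
        if (der_tlv(&p, ext_end, 0x06, &oid_len)) return -1;
        const uint8_t *oid = p; p += oid_len;
        int critical = 0, handled = 0;
        if (ext_end - p >= 3 && p[0] == 0x01 && p[1] == 1) {   /* optional BOOLEAN */
            critical = p[2] != 0; p += 3;
        }
        if (der_tlv(&p, ext_end, 0x04, &val_len) || p + val_len != ext_end) return -1;
        for (size_t i = 0; i < sizeof HANDLED / sizeof HANDLED[0]; i++)
            handled |= oid_len == 3 && memcmp(oid, HANDLED[i], 3) == 0;
        if (critical && !handled) return 0;  /* fail closed on what we cannot process */
        p = ext_end;
    }
    return 1;
}
```

A caller should treat both 0 and -1 as "do not use this CRL for revocation decisions", so that an unrecognized critical extension can never be silently skipped.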