VDB
CISA-2026-4428
CISA-2026-4428
PUBLISHED
CVSS 7.4 HIGH
Reported by AMZN · Published March 19, 2026
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.
Risk Scores
CVSS 3.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AWS | AWS-LC | 1.24.0 |
| AWS | AWS-LC-FIPS | 3.0.0 |
| AWS | AWS-LC | 1.24.0, 1.24.0 |
| AWS | AWS-LC-FIPS | 3.0.0, 3.0.0 |
Timeline
- Mar 19, 2026 CVE Published
- Mar 25, 2026 CVE Updated