VDB

CISA-2026-4428

CISA-2026-4428 PUBLISHED CVSS 7.4 HIGH

Reported by AMZN · Published March 19, 2026

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

Risk Scores

CVSS 3.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
AWSAWS-LC1.24.0
AWSAWS-LC-FIPS3.0.0
AWSAWS-LC1.24.0, 1.24.0
AWSAWS-LC-FIPS3.0.0, 3.0.0

Timeline

  • Mar 19, 2026 CVE Published
  • Mar 25, 2026 CVE Updated

References

  • vendor-advisory
  • patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›