Skip to main content

CWE-299

Improper Check for Certificate Revocation

9 CVEs Avg CVSS 7.0 MITRE
0
CRITICAL
6
HIGH
3
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-61699 Go HIGH POC PATCH GHSA This Week

Certificate revocation bypass in forgekeep/nebula-mesh before 0.7.1 lets a blocked, offboarded, or compromised host keep full mesh connectivity because the per-CA blocklist is computed and shipped by the server but never applied by the agent. The agent decodes the updates response's Blocklist field and discards it, and the config generator has no field to emit pki.blocklist, so Nebula's only revocation control never reaches any peer's config.yml. Rated CVSS 8.1; no CISA KEV listing, but a benign proof-of-concept test is published and the fix is available in v0.7.1.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
CVE-2026-9636 HIGH This Week

Certificate revocation bypass in Rockwell Automation ControlLogix 5580, CompactLogix 5380, GuardLogix 5580, Compact GuardLogix 5380, and 1756-EN4TR (EN4) communication modules allows a network-based attacker to establish a CIP Security connection using a certificate whose issuing intermediate CA has been revoked. Because the controller does not honor the Certificate Revocation List (CRL) for a revoked intermediate, an attacker holding such a certificate can present it as trusted and bypass CIP Security authentication. No public exploit identified at time of analysis; the vendor rates it CVSS 4.0 8.2 (High).

Authentication Bypass Controllogix 5580 Compactlogix 5380 Guardlogix 5580 Compact Guardlogix 5380 1756 En4Tr
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-6899 MEDIUM PATCH This Month

Improper certificate revocation checking in S2OPC's CycloneCrypto wrapper permits OPC UA connections authenticated with revoked certificates. The library evaluates only the first Certificate Revocation List (CRL) matching a given CA and silently discards any additional valid CRLs issued by that same CA - meaning a certificate listed exclusively in a secondary CRL passes validation unchallenged. With CVSS 5.6 (AV:N/AC:H/PR:N/UI:N), all published versions of systerel/s2opc are affected per CPE. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure S2Opc
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-4428 Cargo HIGH PATCH This Week

A logic error in AWS-LC's CRL (Certificate Revocation List) distribution point validation causes the cryptographic library to incorrectly reject partitioned CRLs as out of scope, allowing revoked certificates to bypass certificate revocation checks. This authentication bypass vulnerability affects AWS-LC versions before 1.71.0 and AWS-LC-FIPS versions before 3.3.0, potentially allowing attackers to use revoked certificates for unauthorized access to systems that rely on AWS-LC for certificate validation. No active exploitation has been reported in KEV, and no EPSS score is available yet.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-3085 HIGH This Week

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass MongoDB
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-56138 Go MEDIUM PATCH Monitor

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-23690 HIGH This Week

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Cloud Mobility For Dell Emc Storage
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-1675 HIGH This Week

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Mist Cloud Ui
NVD
CVSS 3.1
8.3
EPSS
0.6%
CVE-2020-16228 MEDIUM This Month

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix Performancebridge Focal Point Intellivue Mp2 Mp90 Firmware Intellivue Mx100 Firmware +9
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVSS 8.1
HIGH POC PATCH This Week

Certificate revocation bypass in forgekeep/nebula-mesh before 0.7.1 lets a blocked, offboarded, or compromised host keep full mesh connectivity because the per-CA blocklist is computed and shipped by the server but never applied by the agent. The agent decodes the updates response's Blocklist field and discards it, and the config generator has no field to emit pki.blocklist, so Nebula's only revocation control never reaches any peer's config.yml. Rated CVSS 8.1; no CISA KEV listing, but a benign proof-of-concept test is published and the fix is available in v0.7.1.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Certificate revocation bypass in Rockwell Automation ControlLogix 5580, CompactLogix 5380, GuardLogix 5580, Compact GuardLogix 5380, and 1756-EN4TR (EN4) communication modules allows a network-based attacker to establish a CIP Security connection using a certificate whose issuing intermediate CA has been revoked. Because the controller does not honor the Certificate Revocation List (CRL) for a revoked intermediate, an attacker holding such a certificate can present it as trusted and bypass CIP Security authentication. No public exploit identified at time of analysis; the vendor rates it CVSS 4.0 8.2 (High).

Authentication Bypass Controllogix 5580 Compactlogix 5380 Guardlogix 5580 Compact Guardlogix 5380 1756 En4Tr
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Improper certificate revocation checking in S2OPC's CycloneCrypto wrapper permits OPC UA connections authenticated with revoked certificates. The library evaluates only the first Certificate Revocation List (CRL) matching a given CA and silently discards any additional valid CRLs issued by that same CA - meaning a certificate listed exclusively in a secondary CRL passes validation unchallenged. With CVSS 5.6 (AV:N/AC:H/PR:N/UI:N), all published versions of systerel/s2opc are affected per CPE. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure S2Opc
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

A logic error in AWS-LC's CRL (Certificate Revocation List) distribution point validation causes the cryptographic library to incorrectly reject partitioned CRLs as out of scope, allowing revoked certificates to bypass certificate revocation checks. This authentication bypass vulnerability affects AWS-LC versions before 1.71.0 and AWS-LC-FIPS versions before 3.3.0, potentially allowing attackers to use revoked certificates for unauthorized access to systems that rely on AWS-LC for certificate validation. No active exploitation has been reported in KEV, and no EPSS score is available yet.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Week

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass MongoDB
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH Monitor

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Cloud Mobility For Dell Emc Storage
NVD
EPSS 1% CVSS 8.3
HIGH This Week

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Mist Cloud Ui
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix Performancebridge Focal Point +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy