EUVD-2026-13237
GHSA-9f94-5g5w-gf6r
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Description
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.
Analysis
A logic error in AWS-LC's CRL (Certificate Revocation List) distribution point validation causes the cryptographic library to incorrectly reject partitioned CRLs as out of scope, allowing revoked certificates to bypass certificate revocation checks. This authentication bypass vulnerability affects AWS-LC versions before 1.71.0 and AWS-LC-FIPS versions before 3.3.0, potentially allowing attackers to use revoked certificates for unauthorized access to systems that rely on AWS-LC for certificate validation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems and applications using AWS-LC library and assess exposure scope. Within 7 days: Develop and test upgrade plan to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0 across development, staging, and production environments. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today