CVE-2026-4428 (GCVE-0-2026-4428)

Vulnerability from cvelistv5 – Published: 2026-03-19 20:37 – Updated: 2026-03-25 14:13
VLAI
Title
CRL Distribution Point Scope Check Logic Error in AWS-LC
Summary
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-299 - Improper check for certificate revocation
Assigner
Impacted products
Vendor Product Version
AWS AWS-LC Affected: 1.24.0 , < 1.71.0 (custom)
Create a notification for this product.
AWS AWS-LC-FIPS Affected: 3.0.0 , < 3.3.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:13:28.437867Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:13:42.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AWS-LC",
          "vendor": "AWS",
          "versions": [
            {
              "lessThan": "1.71.0",
              "status": "affected",
              "version": "1.24.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AWS-LC-FIPS",
          "vendor": "AWS",
          "versions": [
            {
              "lessThan": "3.3.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows  a revoked certificate to bypass certificate revocation checks.\u003cbr\u003e\u003cbr\u003eTo remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.\u003c/p\u003e"
            }
          ],
          "value": "A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows  a revoked certificate to bypass certificate revocation checks.\n\nTo remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Adversary in the Middle (AiTM)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-299",
              "description": "CWE-299 Improper check for certificate revocation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T20:40:06.587Z",
        "orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "shortName": "AMZN"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/2026-010-AWS/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/aws/aws-lc/releases/tag/v1.71.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CRL Distribution Point Scope Check Logic Error in AWS-LC",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
    "assignerShortName": "AMZN",
    "cveId": "CVE-2026-4428",
    "datePublished": "2026-03-19T20:37:53.851Z",
    "dateReserved": "2026-03-19T13:42:59.783Z",
    "dateUpdated": "2026-03-25T14:13:42.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-4428",
      "date": "2026-07-09",
      "epss": "0.00252",
      "percentile": "0.16452"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-4428\",\"sourceIdentifier\":\"ff89ba41-3aa1-4d27-914a-91399e9639e5\",\"published\":\"2026-03-19T21:17:14.170\",\"lastModified\":\"2026-06-17T10:56:33.390\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows  a revoked certificate to bypass certificate revocation checks.\\n\\nTo remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.\"},{\"lang\":\"es\",\"value\":\"Un error l\u00f3gico en la validaci\u00f3n del punto de distribuci\u00f3n de CRL en AWS-LC anterior a 1.71.0 provoca que las CRL particionadas sean rechazadas incorrectamente por estar fuera de alcance, lo que permite que un certificado revocado eluda las comprobaciones de revocaci\u00f3n de certificados.\\n\\nPara remediar este problema, los usuarios deben actualizar a AWS-LC 1.71.0 o AWS-LC-FIPS-3.3.0.\"}],\"affected\":[{\"source\":\"ff89ba41-3aa1-4d27-914a-91399e9639e5\",\"affectedData\":[{\"vendor\":\"AWS\",\"product\":\"AWS-LC\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"1.24.0\",\"lessThan\":\"1.71.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"AWS\",\"product\":\"AWS-LC-FIPS\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"3.0.0\",\"lessThan\":\"3.3.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ff89ba41-3aa1-4d27-914a-91399e9639e5\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ff89ba41-3aa1-4d27-914a-91399e9639e5\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-25T14:13:28.437867Z\",\"id\":\"CVE-2026-4428\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"ff89ba41-3aa1-4d27-914a-91399e9639e5\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-299\"}]}],\"references\":[{\"url\":\"https://aws.amazon.com/security/security-bulletins/2026-010-AWS/\",\"source\":\"ff89ba41-3aa1-4d27-914a-91399e9639e5\"},{\"url\":\"https://github.com/aws/aws-lc/releases/tag/v1.71.0\",\"source\":\"ff89ba41-3aa1-4d27-914a-91399e9639e5\"}]}}",
    "redhat_vex": {
      "aggregate_severity": "Moderate",
      "current_release_date": "2026-06-28T07:38:36+00:00",
      "cve": "CVE-2026-4428",
      "id": "CVE-2026-4428",
      "initial_release_date": "2026-03-19T20:37:53.851000+00:00",
      "product_status:known_affected": "16",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "AWS-LC: AWS-LC: Security bypass allows revoked certificates to be accepted due to CRL validation error",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4428.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"ff89ba41-3aa1-4d27-914a-91399e9639e5\", \"shortName\": \"AMZN\", \"dateUpdated\": \"2026-03-19T20:40:06.587Z\"}, \"title\": \"CRL Distribution Point Scope Check Logic Error in AWS-LC\", \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-299\", \"description\": \"CWE-299 Improper check for certificate revocation\", \"type\": \"CWE\"}]}], \"impacts\": [{\"capecId\": \"CAPEC-94\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-94 Adversary in the Middle (AiTM)\"}]}], \"affected\": [{\"vendor\": \"AWS\", \"product\": \"AWS-LC\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.24.0\", \"lessThan\": \"1.71.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"AWS\", \"product\": \"AWS-LC-FIPS\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows  a revoked certificate to bypass certificate revocation checks.\\n\\nTo remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"\u003cp\u003eA logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows  a revoked certificate to bypass certificate revocation checks.\u003cbr\u003e\u003cbr\u003eTo remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.\u003c/p\u003e\"}]}], \"references\": [{\"url\": \"https://aws.amazon.com/security/security-bulletins/2026-010-AWS/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/aws/aws-lc/releases/tag/v1.71.0\", \"tags\": [\"patch\"]}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"version\": \"3.1\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"baseSeverity\": \"HIGH\", \"baseScore\": 7.4, \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\"}}, {\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"Safety\": \"NOT_DEFINED\", \"Automatable\": \"NOT_DEFINED\", \"Recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"version\": \"4.0\", \"baseSeverity\": \"CRITICAL\", \"baseScore\": 9.1, \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\"}}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4428\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-25T14:13:28.437867Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-25T14:13:36.192Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-4428\", \"assignerOrgId\": \"ff89ba41-3aa1-4d27-914a-91399e9639e5\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"AMZN\", \"dateReserved\": \"2026-03-19T13:42:59.783Z\", \"datePublished\": \"2026-03-19T20:37:53.851Z\", \"dateUpdated\": \"2026-03-25T14:13:42.572Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…