CVE-2026-6899 | THREATINT

Description

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate.

PUBLISHED Reserved 2026-04-23 | Published 2026-06-09 | Updated 2026-06-09 | Assigner GitLab

MEDIUM: 5.6CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-299: Improper Check for Certificate Revocation

Product status

Default status

unaffected

1.5.0 (semver) before 1.7.3

affected

Credits

Systerel finder

References

gitlab.com/systerel/S2OPC/-/work_items/1739

cve.org (CVE-2026-6899)

nvd.nist.gov (CVE-2026-6899)

Download JSON