CVE Catalog

CVE-2026-6899

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

6th percentile - higher than 6% of all known CVEs

Summary

In the S2OPC library's CycloneCrypto cryptographic wrapper, certificate revocation checks only consider the first matching CRL, ignoring other valid CRLs from the same CA. This may allow a connection between an OPC UA client and server using a revoked certificate.

Risk Assessment

The organization may be at risk of establishing connections with unauthorized entities, potentially leading to data security breaches.

Recommendation

It is recommended to update the S2OPC library and implement additional certificate verification mechanisms to ensure that all CRLs are considered.

Original NVD description (English source)

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS