CWE-299: Improper Check for Certificate Revocation
The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
Last updated
Overview
An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.
Real-world CVEs
10 recorded CVEs are caused by CWE-299 (Improper Check for Certificate Revocation). The highest-severity and most recent are shown first. 3 new CWE-299 CVEs have been recorded so far in 2026 (4 in 2025).