CVE-2026-6899

Name of the Vulnerable Software and Affected Versions S2OPC library (affected versions not specified)

Description The CycloneCrypto cryptographic wrapper within the S2OPC library contains a flaw where certificate revocation checks only consider the first matching Certificate Revocation List (CRL) and ignore other valid CRLs from the same Certificate Authority (CA). This behavior could allow an OPC UA client and server to establish a connection using a revoked certificate.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.