Home/CWE/Improper Check for Certificate Revocation
Weakness

Improper Check for Certificate Revocation

CWE-299 · Base · Draft

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

Extended description

An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-295 · Improper Certificate Validation
ChildOfCWE-404 · Improper Resource Shutdown or Release
Children (more specific)
ParentOfCWE-370 · Missing Check for Certificate Revocation after Initial Check

CVEs With This Weakness

8
CVEs tagged with this weakness.
CVECVE-2026-4428
CVECVE-2025-36057
CVECVE-2025-3085
CVECVE-2025-11955
CVECVE-2024-56138
CVECVE-2023-23690
CVECVE-2020-1675
CVECVE-2020-16228
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin