CVE-2026-4428: Issues with AWS-LC - CRL Distribution Point Scope Check Logic Error

AWS has issued a security bulletin for CVE-2026-4428, a vulnerability in its cryptographic library AWS-LC that affects X.509 certificate verification. The flaw is a logic error in the CRL distribution point matching mechanism, which in specific scenarios allows a revoked certificate to bypass the revocation check.

The vulnerability is reachable only when the application has CRL checking enabled and uses partitioned CRLs that carry an Issuing Distribution Point (IDP) extension. Applications that do not perform CRL checking are not affected, and neither are applications that use complete, non-partitioned CRLs without IDP extensions.

The affected versions of AWS-LC and related components, including AWS-LC-FIPS, are listed in the bulletin; users should consult it for full details and the latest updates. The bulletin is classified as important and requires attention from affected users. It was published on March 19, 2026.
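As an added illustration (not AWS-LC's code, and not a reproduction of the bug itself), the following is the CRL scope check that RFC 5280 section 6.3.3(b) requires before a CRL may answer for a certificate; the dataclasses are simplified stand-ins for the parsed X.509 fields, and the distribution point URLs used to exercise it are constructed. It shows the decision a partitioned-CRL verifier must get right: a CRL whose IDP names a different distribution point is out of scope and must not be treated as a complete CRL for the certificate.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Simplified stand-ins for the X.509 fields RFC 5280 6.3.3(b) consults (assumption).
@dataclass
class DistributionPoint:            # one entry of the cert's cRLDistributionPoints
    names: List[str] = field(default_factory=list)       # distributionPoint
    crl_issuer: List[str] = field(default_factory=list)  # cRLIssuer (may be empty)
@dataclass
class IssuingDistributionPoint:     # the CRL's IDP extension
    names: List[str] = field(default_factory=list)
    only_user_certs: bool = False
    only_ca_certs: bool = False
    only_attribute_certs: bool = False
    indirect_crl: bool = False
@dataclass
class Crl:
    issuer: str
    idp: Optional[IssuingDistributionPoint] = None       # None => complete CRL
    revoked: Set[int] = field(default_factory=set)       # revoked serial numbers
@dataclass
class Cert:
    issuer: str
    serial: int
    is_ca: bool = False
    dps: List[DistributionPoint] = field(default_factory=list)

def crl_in_scope(cert: Cert, dp: DistributionPoint, crl: Crl) -> bool:
    """RFC 5280 6.3.3(b): may `crl`, reached via `dp`, answer for `cert`?"""
    if dp.crl_issuer:                     # (b)(1) indirect CRL: issuer must match
        if crl.issuer not in dp.crl_issuer or not (crl.idp and crl.idp.indirect_crl):
            return False
    elif crl.issuer != cert.issuer:       # (b)(1) direct CRL: same issuer as cert
        return False
    idp = crl.idp
    if idp is None:                       # no IDP: complete CRL, always in scope
        return True
    if idp.names:                         # (b)(2)(i): partition names must overlap
        if not set(idp.names) & set(dp.names or dp.crl_issuer):
            return False
    if (idp.only_user_certs and cert.is_ca) or (idp.only_ca_certs and not cert.is_ca):
        return False                      # (b)(2)(ii) and (iii): entry-type limits
    return not idp.only_attribute_certs   # (b)(2)(iv)

def revocation_status(cert: Cert, crls: List[Crl]) -> str:
    # 'revoked' / 'good' from the first in-scope CRL; 'undetermined' if none is in scope
    for dp in cert.dps:
        for crl in crls:
            if crl_in_scope(cert, dp, crl):
                return "revoked" if cert.serial in crl.revoked else "good"
    return "undetermined"
```

Note that an out-of-scope CRL yields "undetermined" rather than "good": a verifier that silently treats the wrong partition as authoritative is the failure mode to watch for.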