diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 0aabc617d..f8fbc176b 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -1132,6 +1132,11 @@ hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
 	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
 	if (!msg) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
+		if (hapd->dpp_pkex->failed) {
+			wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
+			dpp_pkex_free(hapd->dpp_pkex);
+			hapd->dpp_pkex = NULL;
+		}
 		return;
 	}
 
diff --git a/src/common/dpp.c b/src/common/dpp.c
index b08a81bf2..478ae53ff 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -6454,6 +6454,7 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 			    2, addr, len, unwrapped) < 0) {
 		dpp_pkex_fail(pkex,
 			      "AES-SIV decryption failed - possible PKEX code mismatch");
+		pkex->failed = 1;
 		goto fail;
 	}
 	wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 9186a1588..87131f5fd 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1556,6 +1556,11 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
 	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
 	if (!msg) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
+		if (pkex->failed) {
+			wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
+			dpp_pkex_free(wpa_s->dpp_pkex);
+			wpa_s->dpp_pkex = NULL;
+		}
 		return;
 	}