Not a lawyer, do pay a lot of attention to this area for professional reasons. Answer: it doesn't, unless you (1) found the vulnerability through methods that themselves violate CFAA (for instance, by breaking into a remote computer), or (2) sold information about the vulnerability knowing that it would be used for a particular set of crimes, in which case you can get accomplice liability for those crimes.

CFAA doesn't have anything to say about vulnerability research itself. You'd be just as liable as an accomplice if you knowingly and deliberately provided free wi-fi to a hacker.