(I'm not a lawyer but) I think that would involve you in the conspiracy to commit the cybercrime, if you developed the exploit and sold it to an entity that used it with wrongful intent.
A lot of it includes the phrasing "with intent to defraud" so it may depend on whether the court can show you knew your highest bidder was going to use it in this way.
(apologies for citing US-centric law, I figured it was most relevant to the current discussion but things may vary by jurisdiction, though probably not by much)
From a speech perspective, if I discovered an exploit and wrote a paper explaining it, what law prevents me from selling that research?