Amazon


Products by Amazon Sorted by Most Security Vulnerabilities since 2018

Amazon Aws: 166 vulnerabilities
Amazon Freertos: 20 vulnerabilities
Amazon Tough: 5 vulnerabilities
Amazon Workspaces: 4 vulnerabilities
Amazon Aws Encryption Sdk: 2 vulnerabilities
Amazon Amplify Cli: 1 vulnerability
Amazon Freertos Plus Tcp: 1 vulnerability
Amazon Ion: 1 vulnerability
Amazon Linux 2023: 1 vulnerability
Amazon Alexa: 1 vulnerability

Recent Amazon Security Advisories

Advisory Title Published
2026-07-01 CVE-2026-14265 - Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin July 1, 2026
2026-07-01 CVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib July 1, 2026
2026-07-01 CVE-2026-13769 - Insecure file permissions in AWS CLI July 1, 2026
2026-06-29 CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF June 29, 2026
2026-06-23 CVE-2026-12957 and CVE-2026-12958 - Issues in Language Servers for AWS and Amazon Q Developer Plugins June 23, 2026
2026-06-19 Issue with containerd CRI Plugin - CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262 June 19, 2026
2026-06-17 CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages() June 17, 2026
2026-06-15 CVE-2026-11931 - Insecure Permissions on Authentication Token Cache File in Kiro IDE June 15, 2026
2026-06-12 CVE-2026-12043 - Heap double-free in AWS Common Runtime aws-c-http June 12, 2026
2026-06-10 CVE-2026-10740 - Excessive memory allocation in s2n-quic June 10, 2026

By the Year

In 2026 there have been 72 vulnerabilities in Amazon products, with an average score of 7.4 out of ten. Last year, in 2025, Amazon had 46 security vulnerabilities published. That is, 26 more vulnerabilities have already been reported in 2026 than last year. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.67.




Year Vulnerabilities Average Score
2026 72 7.35
2025 46 6.68
2024 26 6.96
2023 23 6.74
2022 23 7.27
2021 17 8.64
2020 8 6.94
2019 6 6.83
2018 19 6.76

It may take a day or so for new Amazon vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Amazon Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-14265 Jul 01, 2026
AWS Advanced JDBC Wrapper 3.3-4.0 RemoteQueryCachePlugin Deserialization RCE Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a crafted serialized Java object. The RemoteQueryCachePlugin uses ObjectInputStream without class filtering when deserializing cached query results from Redis or Valkey, enabling gadget chain execution when cache entries are poisoned. We recommend upgrading to AWS Advanced JDBC Wrapper version 4.0.1 or later.
Aws
CVE-2026-13760 Jul 01, 2026
OS Command Injection in aws-cdk-lib NodejsFunction Docker Bundling (v2.260.0 Fix) OS command injection in the NodejsFunction Docker bundling pipeline (OsCommand helper) in AWS aws-cdk-lib on all platforms might allow an actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected shell metacharacters in the OsCommand helper. This issue requires the actor to control the content of a package.json dependency version string that is processed during Docker-based bundling with nodeModules specified. To remediate this issue, users should upgrade to v2.260.0.
Aws
CVE-2026-13769 Jul 01, 2026
AWS CLI <=1.44.77 / <=2.34.28: Overly Permissive File Permissions Expose Credentials Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) may allow other local users on the same host to read credentials written by certain CLI subcommands (aws codeartifact login, aws iam create-virtual-mfa-device, aws deploy register). To remediate this issue, users should upgrade to AWS CLI 1.44.78 (v1) or 2.34.29 (v2) or later.
Aws
CVE-2026-53489 Jul 01, 2026
containerd CRI path-traversal bug pre-2.3.2/2.2.5/2.1.9 containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Aws
CVE-2026-53492 Jul 01, 2026
containerd CDI Annotation Injection via Untrusted Checkpoints (pre-2.3.2) containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Aws
CVE-2026-50195 Jul 01, 2026
containerd CRI Checkpoint Image Cache Poisoning (v<2.3.2,2.2.5,2.1.9) containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Aws
CVE-2026-47262 Jul 01, 2026
containerd DoS via faulty image load causing OOM kill (v<1.7.33,2.0.10,2.1.9) containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2 contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.
Aws
CVE-2026-53488 Jul 01, 2026
CRI Label Injection in containerd 1.7.x/2.0-2.3 (1.7.33/2.3.2) containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
Aws
CVE-2026-13763 Jun 29, 2026
AWS ALB HTTP/2 WAF Bypass via Fragmented Body Inspection Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue only impacts HTTP/2 ALB target groups. To remediate this issue, customers should enable the "Inspect after sufficient data" target group configuration associated to an ALB load balancer. Refer to: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/edit-target-group-attributes.html#waf-http2-inspection
Aws
CVE-2026-13762 Jun 29, 2026
CloudFront AWS WAF HTTP/2 Body Inspection Bypass Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was remediated server-side. No customer action is required.
Aws
CVE-2026-12958 Jun 23, 2026
AWS Language Server v1.69.0 Symlink Validation Flaw Enables Arbitrary File Write Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate this issue, users should upgrade to version 1.69.0 or higher.
Aws
CVE-2026-12957 Jun 23, 2026
CVE-2026-12957: Code Exec in AWS Language Servers <1.65.0 via Malicious Workspace Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.
Aws
CVE-2026-12530 Jun 17, 2026
AWS Bedrock AgentCore SDK 1.1.3-1.6.1 Remote Cmd via install_packages Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate this issue, users should upgrade to version 1.6.1.
Aws
CVE-2026-11931 Jun 15, 2026
Kiro IDE 0.11.133 fixes insecure token cache permissions (CVE-2026-11931) Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). To remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-user environment can invalidate existing tokens by reauthenticating.
Aws
CVE-2026-12043 Jun 12, 2026
AWS Common Runtime aws-c-http 0.11.0: HPACK CVE-2026-12043 Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames. To remediate this issue, users should upgrade to aws-c-http version 0.11.0.
Aws
CVE-2026-10740 Jun 10, 2026
s2n-quic 1.8.2+ Unbounded CRYPTO frame reassembler DoS Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2.
Aws
CVE-2026-11417 Jun 10, 2026
OS Command Injection NodejsFunction bundling in aws-cdk-lib <2.245.0 OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (externalModules, define, loader, inject, or esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via injected shell metacharacters. This issue requires the threat actor to control the value of one or more of the affected bundling properties in the CDK application. To remediate this issue, users should upgrade to aws-cdk-lib 2.245.0 (2.246.0 on Windows) or later.
Aws
CVE-2026-11393 Jun 08, 2026
CVE-2026-11393: AgentCore CLI v<0.14.2 RCE via triple-quote code gen Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import. To remediate this issue, users should upgrade to version 0.14.2.
Aws
CVE-2026-11401 Jun 05, 2026
AWS Adv Go Wrapper GDBP Untrusted Search Path Escalation An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26.
Aws
CVE-2026-11400 Jun 05, 2026
AWS Advanced JDBC Wrapper 4.0.0 GlobalDatabasePlugin Search Path Escalation An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper. To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1.
Aws
CVE-2026-10584 Jun 02, 2026
Graph Explorer v<3.0.1 HTTP Fallback Enables HTTPS Interception Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later.
Aws
CVE-2026-10591 Jun 02, 2026
Amazon Kiro IDE <0.11 File Write CA Remote Exec Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths (such as .vscode/tasks.json), enabling auto-execution on folder open. To remediate this issue, users should upgrade to Kiro IDE version 0.11 or later.
Aws
CVE-2026-46300 May 23, 2026
Linux kernel: skb shared-frag flag mispropagated in frag-transfer helpers In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.
Aws
CVE-2026-9291 May 22, 2026
Amazon Braket SDK 1.117.0 Fix: Insecure Deserialization (Remote Exec) Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to amazon-braket-sdk version 1.117.0 or later.
Aws
CVE-2026-9255 May 22, 2026
Kiro CLI <1.28.0: Missing input validation allows arbitrary tool exec via stdin Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend that you upgrade to kiro-cli version 1.28.0 or later.
Aws
CVE-2026-9133 May 20, 2026
Amazon MQ rabbitmq-aws <0.2.1: Debug ARN allows remote file read Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys.
Aws
CVE-2026-8838 May 18, 2026
Amazon Redshift Python Driver eval() Vulnerability in vector_in() before 2.1.14 Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14.
Aws
CVE-2026-8686 May 15, 2026
coreMQTT v5.0.1 DOS via Missing Bounds Validation in MQTT v5.0 Prop Parser Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1.
Aws
CVE-2026-8597 May 14, 2026
Amazon SageMaker SDK v2/v3 Remote Code Exec via Unverified Triton Inference Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. This issue requires a remote authenticated actor with S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuilding any Triton models previously created with ModelBuilder using the updated SDK.
Aws
CVE-2026-8596 May 14, 2026
Cleartext Sensitive Info in SageMaker Python SDK <v2.257.2/v3<3.8.0 Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuilding any models previously created with ModelBuilder using the updated SDK.
Aws
CVE-2026-8178 May 08, 2026
Arbitrary Class Execution via URL in Amazon Redshift JDBC Driver <2.2.2 An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.
Aws
CVE-2026-43284 May 08, 2026
Linux Kernel ESP: Prevent In-Place Decrypt on Shared skb Frags In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().
Aws
CVE-2026-7791 May 04, 2026
Privilege Escalation in Amazon WorkSpaces Skylight WS Config (before 2.6.2034) Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.
Workspaces
Aws
CVE-2026-7461 Apr 30, 2026
Amazon ECS Agent FSx WinFS OS Command Injection <v1.103.0 Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration. To remediate this issue, users should upgrade to version 1.103.0.
Aws
CVE-2026-7426 Apr 29, 2026
FreeRTOS-Plus-TCP <4.2.6, <4.4.1 IPv6 RA Prefix Length Overflow Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available.
Aws
CVE-2026-7425 Apr 29, 2026
FreeRTOS-Plus-TCP <= V4.4.1: IPv6 RA Prefix truncation DoS Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available.
Aws
CVE-2026-7424 Apr 29, 2026
FreeRTOS-Plus-TCP DHCPv6 Integer Underflow (V4.4.1/4.2.6) Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
Freertos
Aws
CVE-2026-7423 Apr 29, 2026
Integer Underflow in FreeRTOS-Plus-TCP ICMP Handlers V4.4.1/V4.2.6 Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available.
Aws
CVE-2026-7422 Apr 29, 2026
FreeRTOS-Plus-TCP MAC Spoof Loophole before v4.4.1 Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism skips all input validation for packets whose source MAC matches a local endpoint. To mitigate this issue, users should upgrade to the fixed version when available.
Aws
CVE-2026-7191 Apr 27, 2026
qnabot-on-aws <7.3 CExec via static-eval Exploit (CVE-2026-7191) Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above.
Aws
CVE-2026-6968 Apr 24, 2026
AWS Tough v<0.22.0 Path Traversal via Absolute Target Names Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in save_target, or symlinked metadata filenames in SignedRole::write, because write paths trust the joined destination path without post-resolution containment verification. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.
Aws
CVE-2026-6967 Apr 24, 2026
tough <0.22.0: Missing Exp/Hash/Len in Delegated Metadata (CVE-2026-6967) Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cache, because load_delegations does not apply the same validation checks as the top-level targets metadata path. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.
Tough
Aws
CVE-2026-6966 Apr 24, 2026
Signature Verification Flaw in AWS Tough <0.22.0 (go) Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role metadata. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.
Tough
Aws
CVE-2026-6912 Apr 24, 2026
AWS Ops Wheel Cognito User Pool Attribute Escalation via UpdateUserAttributes Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Aws
CVE-2026-6911 Apr 24, 2026
AWS Ops Wheel JWT Signature Bypass (CVE-2026-6911) Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Aws
CVE-2026-31431 Apr 22, 2026
CVE-2026-31431: Linux Kernel Algif_aead In-Place Operation Vulnerability Reverted In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Aws
CVE-2026-6550 Apr 20, 2026
AWS Encryption SDK Python - Crypto Downgrade in Cache Pre-3.3.1/4.0.5 Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. To remediate this issue, users should upgrade to version 3.3.1, 4.0.5 or above.
Aws
CVE-2026-6437 Apr 17, 2026
AWS EFS CSI Driver <v3.0.1: Mount Option Injection via Argument Delimiter Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1.
Aws
CVE-2026-5747 Apr 07, 2026
Out-of-Bounds Write in virtio PCI Transport (Firecracker <=1.15.0) An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later.
Aws
CVE-2026-5709 Apr 06, 2026
RES FileBrowser API Unsanitized Input (pre-2026.03) Enables RCE Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
Aws
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).