Amazon
Recent Amazon Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-05-14 | Issue with Amazon SageMaker Python SDK - Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597) | May 14, 2026 |
| 2026-05-14 | Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel | May 14, 2026 |
| 2026-05-14 | Ongoing updates on Copy.fail and variants | May 14, 2026 |
| 2026-05-08 | CVE-2026-8178 - Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver | May 8, 2026 |
| 2026-05-08 | Dirty Frag and other issues in Amazon Linux kernels | May 8, 2026 |
| 2026-05-07 | CVE-2026-31431 | May 7, 2026 |
| 2026-05-04 | CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent | May 4, 2026 |
| 2026-05-01 | CVE-2026-7461 - OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials | May 1, 2026 |
| 2026-04-29 | Issue with FreeRTOS-Plus-TCP - IPv6 Router Advertisement Memory Safety Issues | April 29, 2026 |
| 2026-04-29 | CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP | April 29, 2026 |
By the Year
In 2026 there have been 44 vulnerabilities in Amazon with an average score of 7.2 out of ten. Last year, in 2025, Amazon had 46 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Amazon in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also greater by 0.49.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 44 | 7.17 |
| 2025 | 46 | 6.68 |
| 2024 | 26 | 6.96 |
| 2023 | 23 | 6.74 |
| 2022 | 23 | 7.27 |
| 2021 | 17 | 8.64 |
| 2020 | 8 | 6.94 |
| 2019 | 6 | 6.83 |
| 2018 | 19 | 6.76 |
It may take a day or so for new Amazon vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Amazon Security Vulnerabilities
| CVE | Date | Vulnerability |
|---|---|---|
| CVE-2026-8597 | May 14, 2026 | Amazon SageMaker SDK v2/v3 Remote Code Exec via Unverified Triton Inference - Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. This issue requires a remote authenticated actor with S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuilding any Triton models previously created with ModelBuilder using the updated SDK. |
| CVE-2026-8596 | May 14, 2026 | Cleartext Sensitive Info in SageMaker Python SDK <v2.257.2/v3<3.8.0 - Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuilding any models previously created with ModelBuilder using the updated SDK. |
| CVE-2026-8178 | May 08, 2026 | Arbitrary Class Execution via URL in Amazon Redshift JDBC Driver <2.2.2 - An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later. |
| CVE-2026-43284 | May 08, 2026 | Linux Kernel ESP: Prevent In-Place Decrypt on Shared skb Frags - In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags. MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data(). |
| CVE-2026-7791 | May 04, 2026 | Privilege Escalation in Amazon WorkSpaces Skylight WS Config (before 2.6.2034) - Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations, bypassing file system permission protections and leading to local privilege escalation to SYSTEM. |
| CVE-2026-7461 | Apr 30, 2026 | Amazon ECS Agent FSx WinFS OS Command Injection <v1.103.0 - Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration. To remediate this issue, users should upgrade to version 1.103.0. |
| CVE-2026-7426 | Apr 29, 2026 | FreeRTOS-Plus-TCP <4.2.6, <4.4.1 IPv6 RA Prefix Length Overflow - Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available. |
| CVE-2026-7425 | Apr 29, 2026 | FreeRTOS-Plus-TCP <= V4.4.1: IPv6 RA Prefix Truncation DoS - Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available. |
| CVE-2026-7424 | Apr 29, 2026 | FreeRTOS-Plus-TCP DHCPv6 Integer Underflow (V4.4.1/4.2.6) - Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer. |
| CVE-2026-7423 | Apr 29, 2026 | Integer Underflow in FreeRTOS-Plus-TCP ICMP Handlers V4.4.1/V4.2.6 - Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating that the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available. |
| CVE-2026-7422 | Apr 29, 2026 | FreeRTOS-Plus-TCP MAC Spoof Loophole before v4.4.1 - Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism skips all input validation for packets whose source MAC matches a local endpoint. To mitigate this issue, users should upgrade to the fixed version when available. |
| CVE-2026-7191 | Apr 27, 2026 | qnabot-on-aws <7.3 Code Exec via static-eval (CVE-2026-7191) - Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above. |
| CVE-2026-6968 | Apr 24, 2026 | AWS Tough v<0.22.0 Path Traversal via Absolute Target Names - Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in save_target, or symlinked metadata filenames in SignedRole::write, because write paths trust the joined destination path without post-resolution containment verification. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0. |
| CVE-2026-6967 | Apr 24, 2026 | tough <0.22.0: Missing Exp/Hash/Len in Delegated Metadata (CVE-2026-6967) - Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cache, because load_delegations does not apply the same validation checks as the top-level targets metadata path. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0. |
| CVE-2026-6966 | Apr 24, 2026 | Signature Verification Flaw in AWS Tough <0.22.0 (go) - Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role metadata. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0. |
| CVE-2026-6912 | Apr 24, 2026 | AWS Ops Wheel Cognito User Pool Attribute Escalation via UpdateUserAttributes - Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes. |
| CVE-2026-6911 | Apr 24, 2026 | AWS Ops Wheel JWT Signature Bypass (CVE-2026-6911) - Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes. |
| CVE-2026-31431 | Apr 22, 2026 | CVE-2026-31431: Linux Kernel algif_aead In-Place Operation Vulnerability Reverted - In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. |
| CVE-2026-6550 | Apr 20, 2026 | AWS Encryption SDK Python - Crypto Downgrade in Cache Pre-3.3.1/4.0.5 - Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. To remediate this issue, users should upgrade to version 3.3.1, 4.0.5 or above. |
| CVE-2026-6437 | Apr 17, 2026 | AWS EFS CSI Driver <v3.0.1: Mount Option Injection via Argument Delimiter - Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1. |
| CVE-2026-5747 | Apr 07, 2026 | Out-of-Bounds Write in virtio PCI Transport (Firecracker <=1.15.0) - An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later. |
| CVE-2026-5709 | Apr 06, 2026 | RES FileBrowser API Unsanitized Input (pre-2026.03) Enables RCE - Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. |
| CVE-2026-5708 | Apr 06, 2026 | AWS RES Session Attribute Flaw Enables Privilege Escalation, Fixed 2026.03 - Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. |
| CVE-2026-5707 | Apr 06, 2026 | AWS RES 2025.x Unsanitized Session Name OS Command Exec as root - Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. |
| CVE-2026-35558 | Apr 03, 2026 | Improper Neutralization in Amazon Athena ODBC Driver Auth pre-2.1.0 - Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0. |
| CVE-2026-35559 | Apr 03, 2026 | Amazon Athena ODBC Driver <2.1.0.0: OOB Write in Query Processor - Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0. |
| CVE-2026-5485 | Apr 03, 2026 | OS Command Injection in Amazon Athena ODBC Driver < 2.0.5.1 (Linux) - OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later. |
| CVE-2026-35562 | Apr 03, 2026 | Resource Exhaustion in Athena ODBC Driver (pre-2.1.0.0) - Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0. |
| CVE-2026-35561 | Apr 03, 2026 | Amazon Athena ODBC Driver <2.1.0.0: Browser Auth Hijack - Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0. |
| CVE-2026-35560 | Apr 03, 2026 | Amazon Athena ODBC Driver <2.1.0 Improper Cert Validation (MITM) - Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0. |
| CVE-2026-5429 | Apr 02, 2026 | Kiro IDE <0.8.140 Webview Unsanitized Input RCE - Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to version 0.8.140. |
| CVE-2026-5190 | Mar 31, 2026 | Out-of-bounds Write in AWS aws-c-event-stream v<0.6.0 Streaming Decoder - Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, users should upgrade to version 0.6.0 or later. |
| CVE-2026-4428 | Mar 19, 2026 | AWS-LC <1.71.0: CRL Distribution Point Validation Logic Error Bypasses Revoked Cert - A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0. |
| CVE-2026-4295 | Mar 17, 2026 | Kiro IDE Remote Code Execution via Trust Boundary Bypass pre-0.8.0 - Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. To remediate this issue, users should upgrade to version 0.8.0 or higher. |
| CVE-2026-4269 | Mar 16, 2026 | Missing S3 Ownership Verification in Bedrock AgentCore Toolkit <v0.1.13 Allows RCE - A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025, are not affected. To remediate this issue, customers should upgrade to version v0.1.13. |
| CVE-2026-4270 | Mar 16, 2026 | AWS MCP Server 0.2.14 to 1.3.9 Improper Alternate Path File Access - Improper protection of an alternate path in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restrictions and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9. |
| CVE-2026-3494 | Mar 03, 2026 | MariaDB 11.8.5 Audit Plugin: Double-Hyphen Comments Not Logged - In MariaDB server versions through 11.8.5, when the server audit plugin is enabled with the server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is not logged. |
| CVE-2026-3338 | Mar 02, 2026 | AWS-LC <1.69: Unauth Bypass in PKCS7_verify Signature Validation - Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. |
| CVE-2026-3337 | Mar 02, 2026 | Timing Discrepancy in AES-CCM Auth Tag via EVP in AWS-LC <1.69.0 - Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. |
| CVE-2026-3336 | Mar 02, 2026 | AWS-LC 1.69 Fix: PKCS7_verify Cert Chain Validation Bypass (CVE-2026-3336) - Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. |
| CVE-2026-1778 | Feb 02, 2026 | TLS Cert Check Bypass in Amazon SageMaker Python SDK < v3.1.1/v2.256.0 - Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing requests with invalid and self-signed certificates to succeed. |
| CVE-2026-1777 | Feb 02, 2026 | Amazon SageMaker Python SDK <3.2.0: Cleartext HMAC Key Exposure in DescribeTrainingJob - The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and modify objects in the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked. |
| CVE-2026-1386 | Jan 23, 2026 | Firecracker Jailer Symlink Attack before v1.13.2 / 1.14.1 - A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above. |
| CVE-2026-0830 | Jan 09, 2026 | Arbitrary Command Injection in Kiro IDE <0.6.18 via Malicious Workspace Names - Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version. |
| CVE-2025-14764 | Dec 17, 2025 | Amazon S3 Encryption Client for Go <3.3 Key Commitment Flaw - Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Go to version 4.0 or later. |
| CVE-2025-14763 | Dec 17, 2025 | Amazon S3 Encryption Client for Java v<4.0 Key Commitment Vulnerability - Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Java to version 4.0.0 or later. |
| CVE-2025-14762 | Dec 17, 2025 | Missing Key Commitment in AWS SDK for Ruby <1.208.0 Allows Varying Decryption - Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later. |
| CVE-2025-14761 | Dec 17, 2025 | AWS SDK for PHP <3.368 Missing Key Commitment Enables EDK Injection - Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later. |
| CVE-2025-14760 | Dec 17, 2025 | Missing Key Commitment in AWS SDK for C++ (before 1.11.712) - Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for C++ to version 1.11.712 or later. |
| CVE-2025-14759 | Dec 17, 2025 | Amazon S3 Encryption Client for .NET Key Commitment Bypass (Prior to 4.0.0) - Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for .NET to version 3.2.0 or later. |