Amazon Aws
Recent Amazon Aws Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-04-27 | CVE-2026-7191 - Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS | April 27, 2026 |
| 2026-04-24 | Issues in tough library and tuftool CLI utility | April 24, 2026 |
| 2026-04-24 | Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912) | April 24, 2026 |
| 2026-04-20 | CVE-2026-6550 - Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python | April 20, 2026 |
| 2026-04-17 | CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver | April 17, 2026 |
| 2026-04-14 | CVE-2026-5747 - Out-of-bounds Write in Firecracker virtio-pci Transport | April 14, 2026 |
| 2026-04-14 | Issues with AWS Research and Engineering Studio (RES) | April 14, 2026 |
| 2026-04-14 | Issues with Amazon Athena ODBC Driver | April 14, 2026 |
| 2026-04-14 | CVE-2026-5429 - Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme | April 14, 2026 |
| 2026-04-14 | CVE-2026-5190 - AWS C Event Stream Streaming Decoder Stack Buffer Overflow | April 14, 2026 |
By the Year
In 2026 there have been 32 vulnerabilities in Amazon Aws with an average score of 7.1 out of ten. Last year, in 2025, Aws had 46 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Aws in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also greater by 0.45.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 32 | 7.13 |
| 2025 | 46 | 6.68 |
| 2024 | 21 | 6.82 |
| 2023 | 9 | 7.19 |
| 2022 | 9 | 8.00 |
| 2021 | 4 | 8.83 |
| 2020 | 4 | 5.68 |
It may take a day or so for new Aws vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Amazon Aws Security Vulnerabilities
qnabot-on-aws <7.3 Code Exec via static-eval Exploit (CVE-2026-7191)
CVE-2026-7191
7.2 - High
- April 27, 2026
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above.
Code Injection
AWS Tough v<0.22.0 Path Traversal via Absolute Target Names
CVE-2026-6968
5.9 - Medium
- April 24, 2026
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in save_target, or symlinked metadata filenames in SignedRole::write, because write paths trust the joined destination path without post-resolution containment verification. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.
Directory traversal
tough <0.22.0: Missing Exp/Hash/Len in Delegated Metadata (CVE-2026-6967)
CVE-2026-6967
5.9 - Medium
- April 24, 2026
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cache, because load_delegations does not apply the same validation checks as the top-level targets metadata path. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.
Insufficient Verification of Data Authenticity
Signature Verification Flaw in AWS Tough <0.22.0 (go)
CVE-2026-6966
5.3 - Medium
- April 24, 2026
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role metadata. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.
Improper Verification of Cryptographic Signature
AWS Ops Wheel Cognito User Pool Attribute Escalation via UpdateUserAttributes
CVE-2026-6912
8.8 - High
- April 24, 2026
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Mass Assignment
AWS Ops Wheel JWT Signature Bypass (CVE-2026-6911)
CVE-2026-6911
9.8 - Critical
- April 24, 2026
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Improper Verification of Cryptographic Signature
AWS Encryption SDK Python - Crypto Downgrade in Cache Pre-3.3.1/4.0.5
CVE-2026-6550
4.7 - Medium
- April 20, 2026
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. To remediate this issue, users should upgrade to version 3.3.1, 4.0.5 or above.
Algorithm Downgrade
AWS EFS CSI Driver <v3.0.1: Mount Option Injection via Argument Delimiter
CVE-2026-6437
6.5 - Medium
- April 17, 2026
Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1.
Argument Injection
Out-of-Bounds Write in virtio PCI Transport (Firecracker <=1.15.0)
CVE-2026-5747
7.5 - High
- April 07, 2026
An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later.
Memory Corruption
RES FileBrowser API Unsanitized Input (pre-2026.03) Enables RCE
CVE-2026-5709
8.8 - High
- April 06, 2026
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
Shell injection
AWS RES Session Attr Flaw Enables Priv Escalation, Fixed 2026.03
CVE-2026-5708
8.8 - High
- April 06, 2026
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
Mass Assignment
AWS RES 2025.x Unsanitized session name OS command exec as root
CVE-2026-5707
8.8 - High
- April 06, 2026
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
Shell injection
Improper neutralization in Amazon Athena ODBC driver auth pre-2.1.0
CVE-2026-35558
7.8 - High
- April 03, 2026
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0.
Command Injection
Amazon Athena ODBC Driver <2.1.0.0: OOB Write in Query Processor
CVE-2026-35559
6.5 - Medium
- April 03, 2026
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0.
Memory Corruption
OS Command Injection in Amazon Athena ODBC Driver < 2.0.5.1 (Linux)
CVE-2026-5485
7.8 - High
- April 03, 2026
OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later.
Shell injection
Resource Exhaustion in Athena ODBC Driver (pre-2.1.0.0)
CVE-2026-35562
7.5 - High
- April 03, 2026
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0.
Allocation of Resources Without Limits or Throttling
Amazon Athena ODBC Driver <2.1.0.0: Browser Auth Hijack
CVE-2026-35561
7.4 - High
- April 03, 2026
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0.
AuthZ
Amazon Athena ODBC Driver <2.1.0 Improper Cert Validation (MITM)
CVE-2026-35560
7.4 - High
- April 03, 2026
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0.
Improper Certificate Validation
Kiro IDE <0.8.140 Webview Unsanitized Input RCE
CVE-2026-5429
7.8 - High
- April 02, 2026
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to version 0.8.140.
XSS
Out-of-bounds write in AWS aws-c-event-stream v<0.6.0 streaming decoder
CVE-2026-5190
7.5 - High
- March 31, 2026
Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, users should upgrade to version 0.6.0 or later.
Memory Corruption
AWS-LC <1.71.0: CRL Distribution Point Validation Logic Error Bypasses Revoked Cert
CVE-2026-4428
7.4 - High
- March 19, 2026
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.
Improper Check for Certificate Revocation
Kiro IDE Remote Code Execution via Trust Boundary Bypass pre 0.8.0
CVE-2026-4295
7.8 - High
- March 17, 2026
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. To remediate this issue, users should upgrade to version 0.8.0 or higher.
Inclusion of Functionality from Untrusted Control Sphere
Missing S3 Ownership Verification in Bedrock AgentCore Toolkit <v0.1.13 Allows RCE
CVE-2026-4269
7.5 - High
- March 16, 2026
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected. To remediate this issue, customers should upgrade to version v0.1.13.
Generation of Predictable Numbers or Identifiers
AWS MCP Server 0.2.14 to <1.3.9 Improper Alternate Path File Access
CVE-2026-4270
5.5 - Medium
- March 16, 2026
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms, and may allow the bypass of intended file access restrictions and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.
Improper Protection of Alternate Path
MariaDB 11.8.5 Audit Plugin: Double-Hyphen Comments Not Logged
CVE-2026-3494
4.3 - Medium
- March 03, 2026
In MariaDB server versions through 11.8.5, when the server audit plugin is enabled with the server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is not logged.
Insufficient Logging
AWS-LC <1.69: Unauth bypass in PKCS7_verify signature validation
CVE-2026-3338
7.5 - High
- March 02, 2026
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Improper Verification of Cryptographic Signature
Timing Discrepancy in AES-CCM Auth Tag via EVP in AWS-LC <1.69.0
CVE-2026-3337
5.9 - Medium
- March 02, 2026
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Observable Timing Discrepancy
AWS-LC 1.69 Fix: PKCS7_verify Cert Chain Validation Bypass (CVE-2026-3336)
CVE-2026-3336
7.5 - High
- March 02, 2026
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Improper Certificate Validation
TLS Cert Check Bypass in Amazon SageMaker Python SDK < v3.1.1/v2.256.0
CVE-2026-1778
5.9 - Medium
- February 02, 2026
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
Improper Certificate Validation
Amazon SageMaker Python SDK <3.2.0: Cleartext HMAC Key Exposure in DescribeTrainingJob
CVE-2026-1777
7.2 - High
- February 02, 2026
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked.
Cleartext Transmission of Sensitive Information
Firecracker jailer symlink attack before v1.13.2 / 1.14.1
CVE-2026-1386
6 - Medium
- January 23, 2026
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Symlink following
Arbitrary Command Injection in Kiro IDE <0.6.18 via Malicious Workspace Names
CVE-2026-0830
7.8 - High
- January 09, 2026
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.
Shell injection
Amazon S3 Encryption Client for Go <3.3 key commitment flaw
CVE-2025-14764
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Go to version 4.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Amazon S3 Encryption Client for Java v<4.0 Key Commitment Vulnerability
CVE-2025-14763
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Java to version 4.0.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Missing Key Commitment AWS SDK for Ruby <1.208.0 Varying Decryption
CVE-2025-14762
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
AWS SDK for PHP <3.368.0 Missing key commitment enables EDK injection
CVE-2025-14761
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Missing Key Commitment in AWS SDK for C++ (before 1.11.712)
CVE-2025-14760
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for C++ to version 1.11.712 or later.
Use of a Broken or Risky Cryptographic Algorithm
Amazon S3 Encryption Client .NET Key Commitment Bypass (Prior to 4.0.0)
CVE-2025-14759
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for .NET to version 3.2.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Harmonix on AWS IAM Trust Exploit v0.3.0 to v0.4.1 Escalation
CVE-2025-14503
7.2 - High
- December 15, 2025
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.
Incorrect Privilege Assignment
React Server Components 19.0.0 to 19.2.0 Remote Code Exec via Unsafe Deserialization
CVE-2025-55182
10 - Critical
- December 03, 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Audio Leak after Call Termination in AWS Wickr<6.62.13 (Windows/macOS/Linux)
CVE-2025-13524
5.7 - Medium
- November 21, 2025
Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application. To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13.
Improper Resource Shutdown or Release
Privilege Escalation in AWS Aurora PG Wrappers v2.6.5 (RDS Superuser)
CVE-2025-12967
8 - High
- November 10, 2025
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with the permissions of other Amazon Relational Database Service (RDS) users. We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1.
Reflection Injection
Amazon Ion-C Uninit Stack Read <1.1.4 (CVE-2025-12829)
CVE-2025-12829
6.2 - Medium
- November 07, 2025
An uninitialized stack read issue exists in Amazon Ion-C versions <v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version v1.1.4.
Out-of-bounds Read
runc: /proc Redirect via Race in 1.2.7-1.4.0-rc.2
CVE-2025-52881
- November 06, 2025
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
Symlink following
runc <1.2.8/1.3.3/1.4.0-rc.3: /dev/console Bind-Mount LFI/Container Breakout
CVE-2025-52565
- November 06, 2025
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly; however, as with CVE-2025-31133, this can lead to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
Symlink following
runc CLI Bind-Mount Verification Flaw Exposes Host Escape (<=1.4.0-rc.2)
CVE-2025-31133
- November 06, 2025
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
Symlink following
AWS RES Virtual Desktop Preview Ownership Verification Flaw (2025.08)
CVE-2025-12815
4.3 - Medium
- November 06, 2025
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.
Unverified Ownership
Amazon WorkSpaces Linux Client 2023-2024 Auth Token Leak to Local Users
CVE-2025-12779
8.8 - High
- November 05, 2025
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
FreeRTOS-Plus-TCP UDP/IPv6 IP-Version Bypass due to validation flaw
CVE-2025-11618
4.3 - Medium
- October 10, 2025
A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
NULL Pointer Dereference
FreeRTOS-Plus-TCP IPv6 OOB Read Vulnerability
CVE-2025-11617
5.4 - Medium
- October 10, 2025
A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving an IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommend users upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
Buffer Over-read