Aws Ops Wheel
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Aws Ops Wheel.
By the Year
In 2026 there have been 2 vulnerabilities in Aws Ops Wheel with an average score of 9.3 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 9.30 |
It may take a day or so for new Aws Ops Wheel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Aws Ops Wheel Security Vulnerabilities
AWS Ops Wheel Cognito User Pool Attribute Escalation via UpdateUserAttributes
CVE-2026-6912
8.8 - High
- April 24, 2026
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Mass Assignment
AWS Ops Wheel JWT Signature Bypass (CVE-2026-6911)
CVE-2026-6911
9.8 - Critical
- April 24, 2026
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Improper Verification of Cryptographic Signature
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Aws Ops Wheel or by Aws? Click the Watch button to subscribe.
