Graph Explorer v<3.0.1 HTTP Fallback Enables HTTPS Interception
CVE-2026-10584 Published on June 2, 2026
HTTPS Fallback to HTTP in Graph Explorer
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS.
To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later.
Vulnerability Analysis
CVE-2026-10584 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.
Products Associated with CVE-2026-10584
stack.watch emails you whenever new vulnerabilities are published in Aws Graph Explorer or Amazon Aws. Just hit a watch button to start following.
Affected Versions
AWS Graph Explorer:- Version 1.1.0 and below 3.0.1 is affected.