Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

AWS — Vulnerabilities & Security Advisories 61

Browse all 61 CVE security advisories affecting AWS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by AWS:toughResearch and Engineering Studio (RES)AWS-LCaws-cdkKiro IDEFreeRTOS-Plus-TCPClient VPNAWS Serverless Application Model Command Line InterfaceFirecrackerSageMaker Python SDKsagemaker-python-sdkAWS Ops WheelAWS SDK for RubyS3 Encryption Client for GoS3 Encryption Client for JavaJDBC WrapperS3 Encryption Client for .NETAWS SDK for PHPaws-sdk-netAWS API MCP ServerBedrock AgentCore Starter Toolkitaws-c-event-streamAWS Encryption SDK for PythonAWS SDK for C++Harmonix on AWSWickramazon-cloudwatch-agentFreeRTOS-Plus_TCPCloud Development Kit Command Line Interfaceaws/sagemaker-python-sdk
CVE IDTitleCVSSSeverityPublished
CVE-2026-6968 Multiple Path Traversal Variants in awslabs/tough — toughCWE-22 5.9 Medium2026-04-24
CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough — toughCWE-345 5.9 Medium2026-04-24
CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles — toughCWE-347 5.3 Medium2026-04-24
CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel — AWS Ops WheelCWE-915 8.8 High2026-04-24
CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel — AWS Ops WheelCWE-347 9.8 Critical2026-04-24
CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python — AWS Encryption SDK for PythonCWE-757 4.7 Medium2026-04-20
CVE-2026-5747 Out-of-bounds Write in Firecracker virtio-pci Transport — FirecrackerCWE-787 7.5 High2026-04-07
CVE-2026-5709 AWS Research and Engineering Studio (RES) FileBrowser Command Injection — Research and Engineering Studio (RES)CWE-78 8.8 High2026-04-06
CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API — Research and Engineering Studio (RES)CWE-915 8.8 High2026-04-06
CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES) — Research and Engineering Studio (RES)CWE-78 8.8 High2026-04-06
CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme — Kiro IDECWE-79 7.8 High2026-04-02
CVE-2026-5190 AWS C Event Stream Streaming Decoder Stack Buffer Overflow — aws-c-event-streamCWE-787 7.5 High2026-03-31
CVE-2026-4428 CRL Distribution Point Scope Check Logic Error in AWS-LC — AWS-LCCWE-299 7.4 High2026-03-19
CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE — Kiro IDECWE-829 7.8 High2026-03-17
CVE-2026-4269 Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit — Bedrock AgentCore Starter ToolkitCWE-340 7.5 High2026-03-16
CVE-2026-4270 AWS API MCP File Access Restriction Bypass — AWS API MCP ServerCWE-424 5.5 Medium2026-03-16
CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC — AWS-LCCWE-347 7.5 High2026-03-02
CVE-2026-3337 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC — AWS-LCCWE-208 5.9 Medium2026-03-02
CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC — AWS-LCCWE-295 7.5 High2026-03-02
CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations — SageMaker Python SDKCWE-295 5.9 Medium2026-02-02
CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk — SageMaker Python SDKCWE-319 7.2 High2026-02-02
CVE-2026-1386 Arbitrary Host File Overwrite via Symlink in Firecracker Jailer — FirecrackerCWE-61 6.0 Medium2026-01-23
CVE-2026-22611 AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value — aws-sdk-netCWE-20 3.7 Low2026-01-10
CVE-2026-0830 Command Injection in Kiro GitLab Merge Request Helper — Kiro IDECWE-78 7.8 High2026-01-09
CVE-2025-14764 Amazon S3 Encryption Client 安全漏洞 — S3 Encryption Client for GoCWE-327 5.3 Medium2025-12-17
CVE-2025-14763 Amazon S3 Encryption Client 安全漏洞 — S3 Encryption Client for JavaCWE-327 5.3 Medium2025-12-17
CVE-2025-14762 AWS SDK for Ruby 安全漏洞 — AWS SDK for RubyCWE-327 5.3 Medium2025-12-17
CVE-2025-14761 Amazon AWS SDK for PHP 安全漏洞 — AWS SDK for PHPCWE-327 5.3 Medium2025-12-17
CVE-2025-14760 AWS SDK for C++ 安全漏洞 — AWS SDK for C++CWE-327 5.3 Medium2025-12-17
CVE-2025-14759 Amazon S3 Encryption Client for .NET 安全漏洞 — S3 Encryption Client for .NETCWE-327 5.3 Medium2025-12-17

This page lists every published CVE security advisory associated with AWS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.