HIGH🇵🇱 Wersja polska

CVE-2026-3336

CVSS 8.7v4.0pub. 2026-03-02upd. 2026-06-30

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Amazon Aws Lc Sys

    APP
    Amazon
    0.24.0 – 0.38.0 (bez)
  • Amazon Aws Libcrypto

    APP
    Amazon
    1.41.0 – 1.69.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-3337HIGH8.2ten sam produkt

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially de...

CVE-2026-3338HIGH8.7ten sam produkt

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature v...

CVE-2026-35561CRITICAL9.1PL ✓ten sam vendor

Niewystarczające zabezpieczenia uwierzytelniania w Amazon Athena ODBC Driver

CVE-2026-35560CRITICAL9.1PL ✓ten sam vendor

Nieprawidłowa walidacja certyfikatów w Amazon Athena ODBC Driver — atak MITM

CVE-2025-20286CRITICAL9.9PL ✓ten sam vendor

Cisco ISE w chmurze: współdzielone statyczne poświadczenia umożliwiają nieautoryzowany dostęp