8.7
CVE-2026-3336
- EPSS 0.02%
- Veröffentlicht 02.03.2026 21:15:16
- Zuletzt bearbeitet 11.03.2026 17:16:00
- Quelle ff89ba41-3aa1-4d27-914a-91399e
- CVE-Watchlists
- Unerledigt
LoginPKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amazon ≫ Aws-lc-sys SwPlatformrust Version >= 0.24.0 < 0.38.0
Amazon ≫ Aws Libcrypto Version >= 1.41.0 < 1.69.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.03 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.