CVE-2026-6911 in AWS Ops Wheelinformación

Resumen

por MITRE • 2026-04-24

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint.

To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

AMZN

Reservar

2026-04-23

Divulgación

2026-04-24

Moderación

aceptado

Artículo

VDB-359487

CPE

listo

CWE

CWE-347 (confirmado)

CVSS

9.8 (CNA)

EPSS

0.00042

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6911
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6911
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6911/

◂ Anterior Visión De Conjunto Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!