CVE-2026-6911 in AWS Ops Wheelinformation

Résumé

par MITRE • 24/04/2026

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint.

To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

AMZN

Réserver

23/04/2026

Divulgation

24/04/2026

Modérer

accepté

Entrée

VDB-359487

CPE

prêt

CWE

CWE-347 (confirmé)

CVSS

9.8 (CNA)

EPSS

0.00042

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6911
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6911
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6911/

◂ Précédent Aperçu Suivant ▸

Do you need the next level of professionalism?

Upgrade your account now!