CVE-2026-6911 in AWS Ops Wheel情報

要約

〜によって MITRE • 2026年04月24日

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint.

To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

AMZN

予約する

2026年04月23日

公開

2026年04月24日

モデレーション

承諾済み

エントリ

VDB-359487

CPE

準備完了

CWE

CWE-347 (確認済み)

CVSS

9.8 (CNA)

EPSS

0.00042

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6911
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6911
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6911/

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!