Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for AWS Ops Wheel by AWS
CVE-2026-6912 (GCVE-0-2026-6912)
Vulnerability from nvd – Published: 2026-04-24 16:11 – Updated: 2026-04-24 16:48
VLAI?
Title
Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
Summary
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.
To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Severity ?
CWE
- CWE-915 - Improperly controlled modification of Dynamically-Determined object attributes
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AWS | AWS Ops Wheel |
Affected:
0 , < 164
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T16:48:16.996399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:48:22.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWS Ops Wheel",
"vendor": "AWS",
"versions": [
{
"lessThan": "164",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aws:aws_ops_wheel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "164",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.\u003c/p\u003e\u003cp\u003eTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.\u003c/p\u003e"
}
],
"value": "Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.\n\nTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly controlled modification of Dynamically-Determined object attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:13:51.059Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-ops-wheel/pull/165"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-018-aws/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/aws/aws-ops-wheel/security/advisories/GHSA-qvfh-9cjw-8wwq"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-6912",
"datePublished": "2026-04-24T16:11:45.833Z",
"dateReserved": "2026-04-23T13:38:11.080Z",
"dateUpdated": "2026-04-24T16:48:22.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6911 (GCVE-0-2026-6911)
Vulnerability from nvd – Published: 2026-04-24 16:08 – Updated: 2026-04-24 16:13
VLAI?
Title
Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel
Summary
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint.
To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Severity ?
9.8 (Critical)
CWE
- CWE-347 - Improper verification of cryptographic signature
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AWS | AWS Ops Wheel |
Affected:
0 , < 163
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWS Ops Wheel",
"vendor": "AWS",
"versions": [
{
"lessThan": "163",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aws:aws_ops_wheel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "163",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment\u0027s User Pool, via a crafted JWT sent to the API Gateway endpoint.\u003c/p\u003e\u003cp\u003eTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.\u003c/p\u003e"
}
],
"value": "Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment\u0027s User Pool, via a crafted JWT sent to the API Gateway endpoint.\n\nTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes."
}
],
"impacts": [
{
"capecId": "CAPEC-196",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-196 Session Credential Falsification through Forging"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper verification of cryptographic signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:13:28.829Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-018-aws/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-ops-wheel/pull/164"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/aws/aws-ops-wheel/security/advisories/GHSA-v5vr-8w3c-37x2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-6911",
"datePublished": "2026-04-24T16:08:45.808Z",
"dateReserved": "2026-04-23T13:38:10.476Z",
"dateUpdated": "2026-04-24T16:13:28.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6912 (GCVE-0-2026-6912)
Vulnerability from cvelistv5 – Published: 2026-04-24 16:11 – Updated: 2026-04-24 16:48
VLAI?
Title
Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
Summary
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.
To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Severity ?
CWE
- CWE-915 - Improperly controlled modification of Dynamically-Determined object attributes
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AWS | AWS Ops Wheel |
Affected:
0 , < 164
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T16:48:16.996399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:48:22.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWS Ops Wheel",
"vendor": "AWS",
"versions": [
{
"lessThan": "164",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aws:aws_ops_wheel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "164",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.\u003c/p\u003e\u003cp\u003eTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.\u003c/p\u003e"
}
],
"value": "Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.\n\nTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly controlled modification of Dynamically-Determined object attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:13:51.059Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-ops-wheel/pull/165"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-018-aws/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/aws/aws-ops-wheel/security/advisories/GHSA-qvfh-9cjw-8wwq"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-6912",
"datePublished": "2026-04-24T16:11:45.833Z",
"dateReserved": "2026-04-23T13:38:11.080Z",
"dateUpdated": "2026-04-24T16:48:22.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6911 (GCVE-0-2026-6911)
Vulnerability from cvelistv5 – Published: 2026-04-24 16:08 – Updated: 2026-04-24 16:13
VLAI?
Title
Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel
Summary
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint.
To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Severity ?
9.8 (Critical)
CWE
- CWE-347 - Improper verification of cryptographic signature
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AWS | AWS Ops Wheel |
Affected:
0 , < 163
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWS Ops Wheel",
"vendor": "AWS",
"versions": [
{
"lessThan": "163",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aws:aws_ops_wheel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "163",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment\u0027s User Pool, via a crafted JWT sent to the API Gateway endpoint.\u003c/p\u003e\u003cp\u003eTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.\u003c/p\u003e"
}
],
"value": "Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment\u0027s User Pool, via a crafted JWT sent to the API Gateway endpoint.\n\nTo remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes."
}
],
"impacts": [
{
"capecId": "CAPEC-196",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-196 Session Credential Falsification through Forging"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper verification of cryptographic signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:13:28.829Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-018-aws/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-ops-wheel/pull/164"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/aws/aws-ops-wheel/security/advisories/GHSA-v5vr-8w3c-37x2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-6911",
"datePublished": "2026-04-24T16:08:45.808Z",
"dateReserved": "2026-04-23T13:38:10.476Z",
"dateUpdated": "2026-04-24T16:13:28.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}