CVE-2026-3336
EUVD-2026-926402.03.2026, 22:16
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| amazon | aws-lc-sys | 0.24.0 ≤ 𝑥 < 0.38.0 |
| amazon | aws_libcrypto | 1.41.0 ≤ 𝑥 < 1.69.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 | 1773307309 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Trusted Artifact Signer 1.3 | 1773307309 ≤ 𝑥 < * | ADP |
Amazon Linux Releases
Common Weakness Enumeration
References