CVE-2026-3338
EUVD-2026-926602.03.2026, 22:16
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| amazon | aws-lc-sys | 0.24.0 ≤ 𝑥 < 0.38.0 |
| amazon | aws_libcrypto | 1.41.0 ≤ 𝑥 < 1.69.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 | 1773307309 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Trusted Artifact Signer 1.3 | 1773307309 ≤ 𝑥 < * | ADP |
Amazon Linux Releases
Common Weakness Enumeration
References