cvedb.io
CVE-2026-3336
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-03-02T22:16:31.277 · Last modified 2026-06-30T03:19:12.663

Summary

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification for every signer except the final one when processing PKCS7 objects with multiple signers. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

Affected products

amazon — aws-lc-sys

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.