Vulnerability Details CVE-2026-3338
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.8%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2026-3338
-
cpe:2.3:a:amazon:aws-lc-sys:0.24.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.24.1
-
cpe:2.3:a:amazon:aws-lc-sys:0.25.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.25.1
-
cpe:2.3:a:amazon:aws-lc-sys:0.26.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.27.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.27.1
-
cpe:2.3:a:amazon:aws-lc-sys:0.27.2
-
cpe:2.3:a:amazon:aws-lc-sys:0.28.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.28.1
-
cpe:2.3:a:amazon:aws-lc-sys:0.28.2
-
cpe:2.3:a:amazon:aws-lc-sys:0.29.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.30.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.31.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.32.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.32.1
-
cpe:2.3:a:amazon:aws-lc-sys:0.32.2
-
cpe:2.3:a:amazon:aws-lc-sys:0.32.3
-
cpe:2.3:a:amazon:aws-lc-sys:0.33.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.34.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.35.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.36.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.37.0
-
cpe:2.3:a:amazon:aws-lc-sys:0.37.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.41.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.41.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.42.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.43.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.44.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.45.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.46.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.46.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.47.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.48.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.48.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.48.2
-
cpe:2.3:a:amazon:aws_libcrypto:1.48.3
-
cpe:2.3:a:amazon:aws_libcrypto:1.48.4
-
cpe:2.3:a:amazon:aws_libcrypto:1.48.5
-
cpe:2.3:a:amazon:aws_libcrypto:1.49.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.49.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.50.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.50.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.51.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.51.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.51.2
-
cpe:2.3:a:amazon:aws_libcrypto:1.52.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.52.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.53.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.53.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.54.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.55.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.56.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.57.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.57.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.58.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.58.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.59.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.60.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.61.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.61.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.61.2
-
cpe:2.3:a:amazon:aws_libcrypto:1.61.3
-
cpe:2.3:a:amazon:aws_libcrypto:1.61.4
-
cpe:2.3:a:amazon:aws_libcrypto:1.62.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.62.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.63.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.64.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.65.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.65.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.66.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.66.1
-
cpe:2.3:a:amazon:aws_libcrypto:1.66.2
-
cpe:2.3:a:amazon:aws_libcrypto:1.67.0
-
cpe:2.3:a:amazon:aws_libcrypto:1.68.0