{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T15:23:59.134","vulnerabilities":[{"cve":{"id":"CVE-2026-3336","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-03-02T22:16:31.277","lastModified":"2026-03-11T17:16:00.823","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.\n\nCustomers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0."},{"lang":"es","value":"Validación incorrecta de certificados en PKCS7_verify() en AWS-LC permite a un usuario no autenticado eludir la verificación de la cadena de certificados al procesar objetos PKCS7 con múltiples firmantes, excepto el firmante final.\n\nLos clientes de los servicios de AWS no necesitan tomar ninguna medida. Las aplicaciones que utilizan AWS-LC deberían actualizarse a la versión 1.69.0 de AWS-LC."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:aws-lc-sys:*:*:*:*:*:rust:*:*","versionStartIncluding":"0.24.0","versionEndExcluding":"0.38.0","matchCriteriaId":"1657BD7A-BA4B-430A-809F-DE772460B0EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*","versionStartIncluding":"1.41.0","versionEndExcluding":"1.69.0","matchCriteriaId":"4B6E82AB-2DB6-4350-B218-772CE7852DCC"}]}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-005-AWS/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]},{"url":"https://github.com/aws/aws-lc/releases/tag/v1.69.0","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Release Notes"]},{"url":"https://github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvp","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]}]}}]}