aws 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk sql injection、vendor risk file inclusion, and vendor risk memory corruption に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact memory corruption and アプリケーションクラッシュ などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-14471 | Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.6 | — | 2026-07-06 | 2026-07-06 |
| CVE-2026-14265 | Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a crafted serialized Java object. The RemoteQueryCachePlugin uses ObjectInputStream without class filtering when deserializing cached query results from Redis or Valkey, enabling gadget chain execution when ca | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.7 | 0.41% | 2026-07-01 | 2026-07-02 |
| CVE-2026-13760 | OS command injection in the NodejsFunction Docker bundling pipeline (OsCommand helper) in AWS aws-cdk-lib on all platforms might allow a actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected shell metacharacters in the OsCommand helper. This issue requires the actor to control the content of a package.json dependency version string that is processed during Docker-based bundling with nodeModu | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.0 | 0.61% | 2026-07-01 | 2026-07-01 |
| CVE-2026-12530 | Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate this issue, users should upgrade to version 1.6.1. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.4 | 0.30% | 2026-06-17 | 2026-06-22 |
| CVE-2026-11931 | Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). To remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-use | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 6.8 | 0.11% | 2026-06-15 | 2026-06-17 |
| CVE-2026-12043 | Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames. To remediate this issue, users should upgrade to aws-c-http version 0.11.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0.35% | 2026-06-12 | 2026-06-17 |
| CVE-2026-10740 | Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 6.9 | 0.29% | 2026-06-10 | 2026-06-17 |
| CVE-2026-11417 | OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (externalModules, define, loader, inject, or esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via injected shell metacharacters. This issue requires the threat actor to control the value of one or more of the affected bundling properties in the CDK application. To rem | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.0 | 0.94% | 2026-06-10 | 2026-06-17 |
| CVE-2026-11393 | Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import. To remediate this issue, users | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.8 | 0.34% | 2026-06-08 | 2026-06-17 |
| CVE-2026-11401 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.6 | 0.30% | 2026-06-05 | 2026-06-17 |
| CVE-2026-11400 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper. To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.6 | 0.30% | 2026-06-05 | 2026-06-17 |
| CVE-2026-10584 | Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.2 | 0.10% | 2026-06-02 | 2026-06-17 |
| CVE-2026-9291 | Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to amazon-braket-sdk version 1.117.0 or later. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.5 | 0.38% | 2026-05-22 | 2026-06-17 |
| CVE-2026-9133 | Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated pr | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.3 | 0.34% | 2026-05-20 | 2026-06-17 |
| CVE-2026-8838 | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 9.3 | 0.81% | 2026-05-18 | 2026-06-17 |
| CVE-2026-7191 | Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.6 | 0.43% | 2026-04-27 | 2026-06-17 |
| CVE-2026-6912 | Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0.42% | 2026-04-24 | 2026-06-17 |
| CVE-2026-6911 | Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 9.3 | 0.25% | 2026-04-24 | 2026-06-17 |