彙總 Amazon 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 路徑處理缺陷、跨站腳本與輸入驗證問題 相關,可能在 伺服器部署與系統元件 場景中帶來 記憶體損壞與檔案覆寫 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-10591 | Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths (such as .vscode/tasks.json), enabling auto-execution on folder open. To remediate this issue, users should upgrade to Kiro IDE version 0.11 or later. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.6 | 0.07% | 2026-06-02 | 2026-06-05 |
| CVE-2026-9255 | Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version 1.28.0 or later. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.4 | 0.01% | 2026-05-22 | 2026-06-04 |
| CVE-2026-7461 | Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.5 | 0.03% | 2026-04-30 | 2026-05-05 |
| CVE-2026-7426 | Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 6.1 | 0.01% | 2026-04-29 | 2026-05-04 |
| CVE-2026-7425 | Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 6.0 | 0.01% | 2026-04-29 | 2026-05-04 |
| CVE-2026-7424 | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.2 | 0.01% | 2026-04-29 | 2026-05-04 |
| CVE-2026-7423 | Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read of up to approximately 65KB. To mitigate this issue, users should upgrade to the fixed version when available. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 6.0 | 0.01% | 2026-04-29 | 2026-05-04 |
| CVE-2026-7422 | Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism skips all input validation for packets whose source MAC matches a local endpoint. To mitigate this issue, users should upgrade to the fixed version when available. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.1 | 0.02% | 2026-04-29 | 2026-05-04 |
| CVE-2026-6968 | Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in save_target, or symlinked metadata filenames in SignedRole::write, because write paths trust the joined destination path without post-resolution containment verification. We recommend you upgrade to tough-v0.22.0 / tuftool-v0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.1 | 0.08% | 2026-04-24 | 2026-05-06 |
| CVE-2026-6967 | Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cache, because load_delegations does not apply the same validation checks as the top-level targets metadata path. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.1 | 0.02% | 2026-04-24 | 2026-05-06 |
| CVE-2026-6966 | Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role metadata. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.0 | 0.03% | 2026-04-24 | 2026-05-06 |
| CVE-2026-31431 KEV | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 2.23% | 2026-04-22 | 2026-05-21 |
| CVE-2026-6437 | Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 6.9 | 0.03% | 2026-04-17 | 2026-06-01 |
| CVE-2026-5747 | An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. T | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0.01% | 2026-04-08 | 2026-06-01 |
| CVE-2026-5709 | Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.7 | 0.07% | 2026-04-06 | 2026-04-10 |
| CVE-2026-5708 | Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environ | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0.06% | 2026-04-06 | 2026-04-10 |
| CVE-2026-5707 | Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0.11% | 2026-04-06 | 2026-04-10 |
| CVE-2026-5485 | OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.3 | 0.10% | 2026-04-03 | 2026-04-14 |
| CVE-2026-35562 | Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0.08% | 2026-04-03 | 2026-04-14 |
| CVE-2026-35561 | Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 9.1 | 0.03% | 2026-04-03 | 2026-04-14 |