← Volver a CVEs
CVE-2026-6550
MEDIUM4.7
Descripcion
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. To remediate this issue, users should upgrade to version 3.3.1, 4.0.5 or above.
Detalles CVE
Puntuacion CVSS v3.14.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/20/2026
Ultima modificacion4/21/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-757
Referencias
https://aws.amazon.com/security/security-bulletins/2026-017-aws/(ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/aws/aws-encryption-sdk-python/releases/tag/v3.3.1(ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/aws/aws-encryption-sdk-python/releases/tag/v4.0.5(ff89ba41-3aa1-4d27-914a-91399e9639e5)
https://github.com/aws/aws-encryption-sdk-python/security/advisories/GHSA-v638-38fc-rhfv(ff89ba41-3aa1-4d27-914a-91399e9639e5)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.