CVE-2026-3338— PKCS7_verify Signature Validation Bypass in AWS-LC
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-3338
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PKCS7_verify Signature Validation Bypass in AWS-LC
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
AWS libcrypto 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AWS libcrypto是Amazon Web Services开源的一个通用加密库。 AWS libcrypto 1.69.0之前版本存在安全漏洞,该漏洞源于PKCS7_verify函数签名验证不当,在处理具有已验证属性的PKCS7对象时可能绕过签名验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-3338
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-3338
请登录查看更多情报信息。
Same Patch Batch · AWS · 2026-03-02 · 3 CVEs total
| CVE-2026-3336 | 7.5 HIGH | PKCS7_verify Certificate Chain Validation Bypass in AWS-LC |
| CVE-2026-3337 | 5.9 MEDIUM | Timing Side-Channel in AES-CCM Tag Verification in AWS-LC |
IV. Related Vulnerabilities
Same vendor: AWS
- CVE-2026-7461
OS Command Injection in Amazon ECS Agent via FSx Windows Fil - CVE-2026-7426
Out-of-Bounds Write via Unsanitized Prefix Length in Router - CVE-2026-7425
Out-of-Bounds Read in Router Advertisement Option Parser in - CVE-2026-7424
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Pl - CVE-2026-7423
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-
Same weakness: CWE-347
- CVE-2026-42193
Plunk: SNS webhook forgery - CVE-2026-44497
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type - CVE-2026-41669
Admidio: SAML Signature Validation Result Ignored — Forged A - CVE-2026-7689
Dolibarr ERP CRM Online Signature security.lib.php dol_verif - CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic
V. Comments for CVE-2026-3338
No comments yet