CVE-2026-6912— Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6912
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-915
Source: NVD (National Vulnerability Database)
Vulnerability Title
AWS Ops Wheel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AWS Ops Wheel是Amazon Web Services开源的一个支持多租户的随机选择工具。 AWS Ops Wheel存在安全漏洞,该漏洞源于Cognito用户池配置中动态确定对象属性的修改控制不当,可能导致远程经过身份验证的用户通过特制的UpdateUserAttributes API调用提升为部署管理员权限并管理Cognito用户账户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AWS | AWS Ops Wheel | 0 ~ 164 | - |
II. Public POCs for CVE-2026-6912
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6912
请登录查看更多情报信息。
Same Patch Batch · AWS · 2026-04-24 · 5 CVEs total
| CVE-2026-6911 | 9.8 CRITICAL | Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel |
| CVE-2026-6968 | 5.9 MEDIUM | Multiple Path Traversal Variants in awslabs/tough |
| CVE-2026-6967 | 5.9 MEDIUM | Missing Delegated Metadata Validation in awslabs/tough |
| CVE-2026-6966 | 5.3 MEDIUM | Signature Threshold Bypass in awslabs/tough Delegated Roles |
IV. Related Vulnerabilities
Same vendor: AWS
- CVE-2026-7461
OS Command Injection in Amazon ECS Agent via FSx Windows Fil - CVE-2026-7426
Out-of-Bounds Write via Unsanitized Prefix Length in Router - CVE-2026-7425
Out-of-Bounds Read in Router Advertisement Option Parser in - CVE-2026-7424
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Pl - CVE-2026-7423
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-
Same weakness: CWE-915
- CVE-2025-14341
Input Data Manipulation in DivvyDrive Information Technologi - CVE-2026-41139
Unsafe array index getter in mathjs - CVE-2026-33453
Apache Camel: CoAP URI Query Parameter to Exchange Header In - CVE-2026-42044
Axios: Invisible JSON Response Tampering via Prototype Pollu - CVE-2026-40897
Math.js: Unsafe object property setter in mathjs
V. Comments for CVE-2026-6912
No comments yet