CVE-2026-6968— Multiple Path Traversal Variants in awslabs/tough

CVSS 5.9 · Medium EPSS 0.08% · P23 Updated Apr 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-6968

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Multiple Path Traversal Variants in awslabs/tough

Source: NVD (National Vulnerability Database)

Vulnerability Description

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in save_target, or symlinked metadata filenames in SignedRole::write, because write paths trust the joined destination path without post-resolution containment verification. We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Amazon tough 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Amazon tough是美国亚马逊（Amazon）公司的一个The Update Framework（TUF）存储库的 Rust 客户端库。 tough tough-v0.22.0之前版本存在路径遍历漏洞，该漏洞源于路径遍历修复不完整，可能导致远程认证用户通过绝对目标名称、符号链接父目录或符号链接元数据文件名写入预期输出目录之外的文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
AWS	tough	-	-
AWS	tuftool	-	-

II. Public POCs for CVE-2026-6968

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-6968

请登录查看更多情报信息。

Same Patch Batch · AWS · 2026-04-24 · 5 CVEs total

CVE-2026-6911	9.8 CRITICAL	Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel
CVE-2026-6912	8.8 HIGH	Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
CVE-2026-6967	5.9 MEDIUM	Missing Delegated Metadata Validation in awslabs/tough
CVE-2026-6966	5.3 MEDIUM	Signature Threshold Bypass in awslabs/tough Delegated Roles

IV. Related Vulnerabilities

Same product: tough

Same vendor: AWS

Same weakness: CWE-22

V. Comments for CVE-2026-6968

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-6968— Multiple Path Traversal Variants in awslabs/tough

I. Basic Information for CVE-2026-6968

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-6968

III. Intelligence Information for CVE-2026-6968

Same Patch Batch · AWS · 2026-04-24 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-6968

Leave a comment