Is Aws affected by CVE-2026-3336?

CVE-2026-3336 is a certificate validation bypass vulnerability in AWS-LC that could allow attackers to forge or manipulate digital signatures in PKCS7 objects.

CVE-2026-3336

HIGH

2026-03-02 ff89ba41-3aa1-4d27-914a-91399e9639e5

GHSA-vw5v-4f2q-w9xf

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 02, 2026 - 22:16 nvd

HIGH 7.5

Description

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

Analysis

AWS-LC's PKCS7_verify() function fails to properly validate certificate chains in multi-signer scenarios, allowing unauthenticated attackers to forge signatures by bypassing verification of all but the final signer. This affects applications directly using AWS-LC library, though AWS service customers are unaffected. …

Remediation

Within 24 hours: Identify all systems and applications using AWS-LC, particularly those processing PKCS7-signed documents. Within 7 days: Implement input validation to reject PKCS7 objects with multiple signers until patching is available; review logs for suspicious PKCS7 processing activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2026-3336 vulnerability details – vuln.today

Back

CVE-2026-3336

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-3336

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code