Is Aws affected by CVE-2026-3338?

A critical signature validation flaw in AWS-LC could allow attackers to forge digital signatures on PKCS7 objects, potentially compromising the integrity of signed documents and communications.

CVE-2026-3338

HIGH

2026-03-02 ff89ba41-3aa1-4d27-914a-91399e9639e5

GHSA-hfpc-8r3f-gw53

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 02, 2026 - 22:16 nvd

HIGH 7.5

Description

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

Analysis

PKCS7 signature validation bypass in AWS-LC allows unauthenticated attackers to forge valid signatures on PKCS7 objects containing Authenticated Attributes, potentially enabling malicious code execution or data tampering in applications relying on this cryptographic library. Applications using AWS-LC should immediately upgrade to version 1.69.0, while AWS service customers are not directly impacted. …

Remediation

Within 24 hours: Inventory all systems running AWS-LC library and identify applications processing PKCS7 objects with Authenticated Attributes. Within 7 days: Implement network segmentation to restrict untrusted input sources and enable signature validation logging to detect anomalies. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2026-3338 vulnerability details – vuln.today

Back

CVE-2026-3338

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-3338

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code