@hulumi/baseline CVE-2026-48037
MEDIUMLifecycle Timeline
2Blast Radius
ecosystem impact- 1 npm packages depend on @hulumi/baseline (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 1.4.0.
DescriptionCVE.org
Affected: @hulumi/baseline < 1.4.0 - Fixed in: 1.4.0 - Severity: Medium - CWE-693 (Protection Mechanism Failure)
Summary
AccountFoundation can either create AWS detective services (GuardDuty for threat detection, Security Hub for compliance dashboards) or reuse pre-existing ones via opt-in flags. The reuse paths just imported the existing resources and reported success - they never checked whether the existing services were actually doing their job.
- GuardDuty reuse. If the existing detector was suspended, or set to the slower 6-hour publishing cadence instead of the baseline 15-minute one, or otherwise misconfigured - Hulumi never noticed. The deployment succeeded with a misleadingly-positive
guardDutyDetectorIdoutput as if the baseline were active. - Security Hub reuse. Although the account import was read-only, Hulumi unconditionally created the CIS / NIST
StandardsSubscriptionresources with default delete behaviour. Pulumi then treated those subscriptions as its own - a laterpulumi destroyof the stack would callBatchDisableStandards, unsubscribing the account from CIS / NIST compliance monitoring even on accounts that had those subscriptions before Hulumi ever ran.
Impact
Consumers using AccountFoundation's reuse mode could:
- ship deployments that appeared to enable a detective baseline but actually weren't (case 1), or
- accidentally turn off CIS / NIST compliance monitoring on an existing account just by destroying a Hulumi stack (case 2 - no malicious intent needed; a normal stack teardown was enough).
Patches
Upgrade to @hulumi/baseline@1.4.0.
- GuardDuty reuse now asserts the imported detector is
ENABLEDwithfindingPublishingFrequency: FIFTEEN_MINUTES. Wrong posture fails the deploy at preview time. - Security Hub reuse creates the CIS / NIST
StandardsSubscriptionresources withretainOnDelete: true, so destroying a reused stack no longer unsubscribes the account.
Net-new (non-reuse) deployments are unchanged.
Workarounds
Don't reuse pre-existing detective services with AccountFoundation before upgrading. If reuse is unavoidable, manually verify detector posture out-of-band.
Resources
- PR #178 (Cluster G); regression tests in
packages/baseline/tests/guardduty-reuse-posture.test.ts and packages/baseline/tests/securityhub-reuse-retain.test.ts.
AnalysisAI
Silent security posture degradation in @hulumi/baseline (npm, versions < 1.4.0) allows AWS detective service configurations to appear active while being suspended, misconfigured, or inadvertently destroyed through normal Pulumi stack teardown operations. The AccountFoundation component's opt-in reuse mode for existing GuardDuty detectors and Security Hub configurations never validates imported resource state, meaning a suspended or slow-cadence GuardDuty detector silently passes deployment as healthy, and a routine pulumi destroy will call BatchDisableStandards to strip CIS/NIST compliance subscriptions from accounts that had those subscriptions before Hulumi was ever introduced. No public exploit identified at time of analysis; both failure modes are triggered by legitimate operator actions, not adversarial input.
Technical ContextAI
@hulumi/baseline is a Pulumi-based infrastructure-as-code npm library that manages AWS security baselines through an abstraction called AccountFoundation. The library supports two mutually exclusive deployment modes: creating AWS detective services from scratch, or importing (reusing) pre-existing ones via opt-in flags. CWE-693 (Protection Mechanism Failure) manifests in two distinct ways within the reuse paths. For GuardDuty, the Pulumi resource import brings the existing detector into state without ever reading or asserting the detector's status field or findingPublishingFrequency property - a suspended detector or one configured for the slower 6-hour cadence is imported identically to a healthy one, and the stack output guardDutyDetectorId is emitted regardless. For Security Hub, StandardsSubscription Pulumi resources (for CIS and NIST frameworks) are created without the retainOnDelete: true lifecycle flag, causing Pulumi to treat these pre-existing compliance subscriptions as stack-owned resources; when the stack is torn down, Pulumi calls BatchDisableStandards, permanently unsubscribing the account. The affected CPE is pkg:npm/@hulumi_baseline for all versions below 1.4.0.
RemediationAI
Upgrade to @hulumi/baseline@1.4.0, which contains two targeted fixes confirmed by PR #178 at https://github.com/kerberosmansour/hulumi/pull/178. GuardDuty reuse now asserts the imported detector is in ENABLED state with findingPublishingFrequency: FIFTEEN_MINUTES at Pulumi preview time, causing misconfigured or suspended detectors to fail the deployment before any changes are applied. Security Hub reuse now sets retainOnDelete: true on all created StandardsSubscription resources, so running pulumi destroy on a reused stack will no longer call BatchDisableStandards or remove CIS/NIST compliance subscriptions. Regression tests are available at packages/baseline/tests/guardduty-reuse-posture.test.ts and packages/baseline/tests/securityhub-reuse-retain.test.ts in the repository. If an immediate upgrade is not possible, the vendor-recommended workaround is to disable the reuse mode entirely and allow AccountFoundation to create detective services from scratch. If reuse mode is unavoidable before upgrading, manually verify GuardDuty detector posture via the AWS Console or CLI (confirm ENABLED status and 15-minute finding publishing frequency) and avoid running pulumi destroy on any stack using Security Hub reuse until the upgrade is applied; note that avoiding destroy is a significant operational constraint that may interfere with normal environment lifecycle management.
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-cj8g-prcm-mfg5