Which versions of AWS Ops Wheel are affected by CVE-2026-6912?

CVE-2026-6912 is a privilege escalation vulnerability in AWS Ops Wheel that allows authenticated low-privilege users to gain deployment administrator access through Cognito API manipulation,…. A patch is available.

How to fix or mitigate CVE-2026-6912?

Within 24 hours: Identify all deployments running AWS Ops Wheel versions prior to PR #165 and document affected systems. Within 7 days: Apply vendor-released patch via GitHub PR #165 and AWS security bulletin AMZN-2026-018 to all affected AWS Ops Wheel instances; verify patch deployment in development/staging environments first. Within 30 days: Conduct access reviews of Cognito User Pool custom:deployment_admin attributes across all patched systems; audit CloudTrail logs for suspicious UpdateUserAttributes API calls (60+ days prior); reset credentials for any accounts granted unexpected deployment admin privileges.

AWS Ops Wheel CVE-2026-6912

Q: What is the CVSS score of CVE-2026-6912?

CVE-2026-6912 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2026-25577 HIGH

Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915)

2026-04-24 AMZN

Privilege Escalation

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 18:07 vuln.today

cvss_changed

Analysis Generated

Apr 24, 2026 - 17:30 vuln.today

CVSS changed

Apr 24, 2026 - 17:22 NVD

8.8 (HIGH) 8.7 (HIGH)

EUVD ID Assigned

Apr 24, 2026 - 17:00 euvd

EUVD-2026-25577

Analysis Generated

Apr 24, 2026 - 17:00 vuln.today

Patch released

Apr 24, 2026 - 17:00 nvd

Patch available

CVE Published

Apr 24, 2026 - 16:11 nvd

HIGH 8.7

DescriptionNVD

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.

To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.

AnalysisAI

Authenticated users with low privileges can escalate to deployment admin in AWS Ops Wheel (pre-PR #165) by manipulating the custom:deployment_admin attribute through crafted UpdateUserAttributes API calls to Cognito User Pool. This privilege escalation allows full control over Cognito user account management and deployment administration. …

RemediationAI

Within 24 hours: Identify all deployments running AWS Ops Wheel versions prior to PR #165 and document affected systems. Within 7 days: Apply vendor-released patch via GitHub PR #165 and AWS security bulletin AMZN-2026-018 to all affected AWS Ops Wheel instances; verify patch deployment in development/staging environments first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6912 vulnerability details – vuln.today

Back

AWS Ops Wheel CVE-2026-6912

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

AWS Ops Wheel CVE-2026-6912

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code