AWS Encryption SDK for Python

1 CVEs product

Monthly

CVE-2026-6550 MEDIUM PATCH This Month

A cryptographic algorithm downgrade in the caching layer of the AWS Encryption SDK for Python allows authenticated local attackers to bypass key commitment policy enforcement through a shared key cache, enabling a single ciphertext to be decrypted to multiple different plaintexts. Affected versions include Python 2 up to 2.5.1, Python 3 up to 3.3.0, and Python 4 up to 4.0.4. AWS has released vendor patches (versions 3.3.1, 4.0.5, and later) to remediate the vulnerability. Exploitation requires local access and authenticated credentials, and there is no known public exploit.

Authentication Bypass, Python, AWS Encryption SDK for Python
NVD GitHub VulDB
CVSS 4.0: 5.7
