Skip to main content

Aws Ops Wheel

1 CVEs product

Monthly

CVE-2026-6912 HIGH PATCH This Week

Authenticated users with low privileges can escalate to deployment admin in AWS Ops Wheel (pre-PR #165) by manipulating the custom:deployment_admin attribute through crafted UpdateUserAttributes API calls to Cognito User Pool. This privilege escalation allows full control over Cognito user account management and deployment administration. Upstream fix available via GitHub PR #165; AWS security bulletin AMZN-2026-018 confirms patch availability. No active exploitation confirmed (not in CISA KEV), but CVSS 8.7 reflects critical impact across confidentiality, integrity, and availability.

Privilege Escalation Aws Ops Wheel
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Authenticated users with low privileges can escalate to deployment admin in AWS Ops Wheel (pre-PR #165) by manipulating the custom:deployment_admin attribute through crafted UpdateUserAttributes API calls to Cognito User Pool. This privilege escalation allows full control over Cognito user account management and deployment administration. Upstream fix available via GitHub PR #165; AWS security bulletin AMZN-2026-018 confirms patch availability. No active exploitation confirmed (not in CISA KEV), but CVSS 8.7 reflects critical impact across confidentiality, integrity, and availability.

Privilege Escalation Aws Ops Wheel
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy