AWS Ops Wheel vulnerabilities
2 known vulnerabilities affecting aws/aws_ops_wheel.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2026-6911 | P2 | CRITICAL | CVSS 9.8 | CWE-347 | fixed in 163 | 2026-04-24
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the
Source: NVD
CVE-2026-6912 | P3 | HIGH | CVSS 8.8 | CWE-915 | fixed in 164 | 2026-04-24
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute.
Source: NVD