Fixed Intel

CVE-2026-3336

High
CVSS 7.5

Description

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

CVSS Score

7.5/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weakness Classification (CWE)

CWE-295CWE-295MITRE

Related Articles (2)

Industry News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Mar 9, 2026

Malware & Threats

Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities.

Mar 10, 2026

References (3)

https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ff89ba41-3aa1-4d27-914a-91399e9639e5https://github.com/aws/aws-lc/releases/tag/v1.69.0ff89ba41-3aa1-4d27-914a-91399e9639e5https://github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvpff89ba41-3aa1-4d27-914a-91399e9639e5

Risk Assessment

STANDARD

No elevated risk factors detected.

Details

Severity
High
CVSS
7.5
CWE
CWE-295
CISA KEV
No
Articles
2

Timeline

Published

Mar 2, 2026

External Links

NVD (NIST)CVE DetailsMITRE CVE