Amazon Web Services · Aws-Lc · CVE-2026-3338
**Name of the Vulnerable Software and Affected Versions**
AWS-LC versions prior to 1.69.0
**Description**
A flaw exists in the `PKCS7 verify()` function within AWS-LC that permits an unauthenticated user to circumvent signature verification when handling PKCS7 objects containing Authenticated Attributes. This bypass occurs during the processing of PKCS7 objects.
**Recommendations**
Upgrade to AWS-LC version 1.69.0.