PT-2026-2231 · Amazon Web Services · Aws Sdk For .Net

Guy Arazi

Publicado

2026-01-09

Atualizado

2026-01-10

CVE-2026-22611

CVSS v3.1

3.7

Baixa

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions AWS SDK for .NET versions 4.0.0 through 4.0.3.2

Description The AWS SDK for .NET, used with Amazon Web Services for building scalable solutions, is affected by an issue where applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This occurs when specific values are used for the region input field when calling AWS services. An attacker with access to the environment where the SDK is used could set the region input field to an invalid value.

Recommendations Update to version 4.0.3.3 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2026-22611

GHSA-9CVC-H2W8-PHRP

Produtos afetados

Aws Sdk For .Net

PT-2026-2231 · Amazon Web Services · Aws Sdk For .Net

CVE-2026-22611

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10