CVE-2026-33697

Name of the Vulnerable Software and Affected Versions Cocos AI versions 0.4.0 through 0.8.2

Description Cocos AI, a confidential computing system for AI, has a weakness in its attested TLS (aTLS) implementation. This allows for a relay attack where an attacker may be able to extract the ephemeral TLS private key used during the attestation process. Possession of this key allows the attacker to relay or divert the attested TLS session, impersonating the CoCoS service and potentially accessing sensitive data. The vulnerability is architectural and affects both AMD SEV-SNP and Intel TDX deployment targets. The aTLS implementation was redesigned in version 0.7.0, but this did not resolve the issue. Exploitation requires extracting the ephemeral TLS private key, which may be possible through physical access, transient execution attacks, or side-channel attacks.

Recommendations Versions 0.4.0 through 0.8.2 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability. Keep TEE firmware and microcode up to date to reduce the key-extraction surface. Define strict attestation policies that validate all available report fields, including firmware versions, TCB levels, and platform configuration registers. Enable mutual aTLS with CA-signed certificates where deployment architecture permits.