Amazon · AWS Encryption SDK for Python · CVE-2026-6550
**Name of the Vulnerable Software and Affected Versions**
Amazon AWS Encryption SDK for Python versions prior to 3.3.1
Amazon AWS Encryption SDK for Python versions prior to 4.0.5
**Description**
A cryptographic algorithm downgrade in the caching layer may allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache. This can result in ciphertext that can be decrypted to multiple different plaintexts.
**Recommendations**
Upgrade to version 3.3.1 or above.
Upgrade to version 4.0.5 or above.
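To find deployments still pinned to an affected release, the following added example (not part of the advisory and not AWS code) audits `requirements.txt` or `pip freeze` style lines for `aws-encryption-sdk` pins. It assumes the two fixed versions apply per major line (3.x fixed in 3.3.1, 4.x fixed in 4.0.5); the function names and sample pins are constructed for illustration.

```python
import re

PACKAGE = "aws-encryption-sdk"  # PyPI distribution name
# Fixed releases named in the advisory. Reading them as per-major-line
# fixes (3.x -> 3.3.1, 4.x -> 4.0.5) is an assumption of this example.
FIXED = {3: (3, 3, 1), 4: (4, 0, 5)}

# name, optional [extras], then an exact '==' pin
_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)")


def normalize(name):
    """PEP 503 name normalization, so aws_encryption_sdk also matches."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """Turn '3.4' into (3, 4, 0). Pre-release suffixes are not handled."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def is_affected(version):
    v = parse_version(version)
    if v[0] < 3:
        return True  # older than both fixed releases
    fixed = FIXED.get(v[0])
    return fixed is not None and v < fixed


def audit(lines):
    """Return (line_number, version) for each affected pin of the package."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = _PIN.match(line.split("#", 1)[0])  # drop trailing comments
        if match and normalize(match.group(1)) == PACKAGE and is_affected(match.group(2)):
            findings.append((number, match.group(2)))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
boto3==1.34.0
aws-encryption-sdk==3.2.0   # constructed pin
aws_encryption_sdk==4.0.4
aws-encryption-sdk==3.3.1
aws-encryption-sdk[MPL]==4.0.5
""".splitlines()

if __name__ == "__main__":
    for number, version in audit(SAMPLE):
        print(f"line {number}: {PACKAGE}=={version} is affected, upgrade required")
```

Unpinned or range-specified requirements are not resolved by this check; run it against `pip freeze` output from the deployed environment to see the version actually installed.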