PT-2026-2231 · Amazon Web Services · Aws Sdk For .Net

Guy Arazi

Published

2026-01-09

Updated

2026-01-10

CVE-2026-22611

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions AWS SDK for .NET versions 4.0.0 through 4.0.3.2

Description The AWS SDK for .NET, used with Amazon Web Services for building scalable solutions, is affected by an issue where applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This occurs when specific values are used for the region input field when calling AWS services. An attacker with access to the environment where the SDK is used could set the region input field to an invalid value.

Recommendations Update to version 4.0.3.3 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-22611

GHSA-9CVC-H2W8-PHRP

Affected Products

Aws Sdk For .Net

PT-2026-2231 · Amazon Web Services · Aws Sdk For .Net

CVE-2026-22611

Weakness Enumeration

Related Identifiers

Affected Products

References · 10