CVE-2026-6911

Name of the Vulnerable Software and Affected Versions AWS Ops Wheel (affected versions not specified)

Description Missing JWT signature verification allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application. This enables the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool via a crafted JWT sent to the API Gateway endpoint.

Recommendations Redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes.