Amazon Web Services Latest Security Bulletins

Bulletin ID: 2026-004-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/02/02 14:30 PM PST Description: CVE-2026-1777 – Exposed HMAC in SageMaker Python SDK SageMaker Python SDK’s remote functions feature uses a per‑job HMAC key to protect the integrity of serialized functions, arguments, and results stored in S3. We identified an issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API. This allows third parties with DescribeTrainingJob permissions to extract the key, forge cloud-pickled payloads with valid HMACs, and overwrite S3 objects. CVE-2026-1778 – Insecure TLS Configuration in SageMaker Python SDK SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. We identified an issue where SSL certificate verification was globally disabled in the Triton Python backend. This configuration was introduced to work around SSL errors during model downloads from public sources (e.g., TorchVision) and it affected all HTTPS connections when the Triton Python model was imported. Impacted versions: – HMAC Configuration in SageMaker Python SDK v3 < v3.2.0 – HMAC Configuration in SageMaker Python SDK v2 < v2.256.0 – Insecure TLS Configuration in SageMaker Python SDK v3 < v3.1.1 – Insecure TLS Configuration in SageMaker Python SDK v2 < v2.256.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

Bulletin ID: 2026-003-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/23 12:30 PM PST Description: Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services. Firecracker runs in user space and uses the Linux Kernel-based Virtual Machine (KVM) to create microVMs. Each Firecracker microVM is further isolated with common Linux user-space security barriers by a companion program called “jailer”. The jailer provides a second line of defense in case a user escapes from the microVM boundaries and it is released at each Firecracker version. We are aware of CVE-2026-1386, an issue that is related to the Firecracker jailer, which under certain circumstances can allow an user to overwrite arbitrary files in the host filesystem. AWS services that use Firecracker are not impacted by the issue as we appropriately restrict access to the host and the jailer folder, blocking the preconditions required for the attack to happen. Impacted versions: Firecracker version v1.13.1 and earlier and 1.14.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

Bulletin ID: 2026-002-AWS Scope: AWS Content Type: Informational Publication Date: 2026/01/15 07:03 AM PST Description: A security research team identified a configuration issue affecting the following AWS-managed open source GitHub repositories that could have resulted in the introduction of inappropriate code: – aws-sdk-js-v3 – aws-lc – amazon-corretto-crypto-provider – awslabs/open-data-registry Specifically, researchers identified the above repositories’ configured regular expressions for AWS CodeBuild webhook filters intended to limit trusted actor IDs were insufficient, allowing a predictably acquired actor ID to gain administrative permissions for the affected repositories. We can confirm these were project-specific misconfigurations in webhook actor ID filters for these repositories and not an issue in the CodeBuild service itself. The researchers carefully demonstrated the potential to commit inappropriate code, through an empty code commit, to one repository and promptly informed AWS Security of their research activity and its potential negative impact. No inappropriate code was introduced to any of the affected repositories during this security research activity, the demonstrated empty code commit to one repository had no impact to any AWS customer environments and did not impact any AWS services or infrastructure. No customer action is required. Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

Bulletin ID: 2026-001-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/09 13:15 PM PST Description: Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-0830 where opening a maliciously crafted workspace may lead to arbitrary command injection in Kiro IDE before Kiro version 0.6.18. This may occur if the workspace has specially crafted folder names within the workspace containing injected commands. Resolution: Kiro IDE <0.6.18 Please refer to the article below for the most up-to-date information related to this AWS Security Bulletin.

Bulletin ID: AWS-2025-032 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/17 12:15 PM PST We identify the following CVEs: CVE-2025-14763 – Key Commitment Issues in S3 Encryption Client in Java CVE-2025-14764 – Key Commitment Issues in S3 Encryption Client in Go CVE-2025-14759 – Key Commitment Issues in S3 Encryption Client in .NET CVE-2025-14760 – Key Commitment Issues in S3 Encryption Client in C++ – part of the AWS SDK for C++ CVE-2025-14761 – Key Commitment Issues in S3 Encryption Client in PHP – part of the AWS SDK for PHP CVE-2025-14762 – Key Commitment Issues in S3 Encryption Client in Ruby – part of the AWS SDK for Ruby Description: S3 Encryption Clients for Java, Go, .NET, C++, PHP, and Ruby are open-source client-side encryption libraries used to facilitate writing and reading encrypted records to S3. When the encrypted data key (EDK) is stored in an “Instruction File” instead of S3’s metadata record, the EDK is exposed to an “Invisible Salamanders” attack, which could allow the EDK to be replaced with a new key. Resolution: – S3 Encryption Client Java: <= 3.5.0 – S3 Encryption Client Go: <= 3.1.0 – S3 Encryption Client .NET: <= 3.1 – AWS SDK for C++: <= 1.11.711 – AWS SDK for PHP: <= 3.367.0 – AWS SDK for Ruby: <= 1.207.0

Bulletin ID: AWS-2025-031 Scope: AWS Content Type: Informational Publication Date: 2025/12/15 11:45 AM PST Description: Harmonix on AWS is an open source reference architecture and implementation of a Developer Platform that extends the CNCF Backstage project. We identified CVE-2025-14503 where an overly-permissive IAM trust policy in the Harmonix on AWS framework may allow authenticated users to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any account principal with sts:AssumeRole permissions to assume the role with administrative privileges. Resolution: v0.3.0 through v0.4.1

Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST Description: AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight protocol in React versions 19.0, 19.1, and 19.2, as well as in Next.js versions 15.x, 16.x, Next.js 14.3.0-canary.77 and later canary releases when using App Router. This issue may permit unauthorized remote code execution on affected applications servers. AWS is aware of CVE-2025-66478, which has been rejected as a duplicate of CVE-2025-55182. Customers using managed AWS services are not affected, and no action is required. Customers running an affected version of React or Next.js in their own environments should update to the latest patched versions immediately: – Customers using React 19.x, with Server Functions and RSC Components should update to the latest patched versions 19.0.1, 19.1.2, and 19.2.1 – Customers using Next.js 15-16 with App Router should update to a patched version

Bulletin ID: AWS-2025-029 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/21 12:15 PM PDT Description: AWS Wickr is an end-to-end encrypted service that helps organizations communicate securely through messaging, voice and video calling, file sharing, and screen sharing. We identified CVE-2025-13524, which describes an issue in the Wickr calling service. Under certain conditions, which require the affected user to take a particular action within the application, the user’s audio stream remains open after they close their call window. This could result in audio from the affected user’s device continuing to stream unexpectedly to other call participants until those users drop the call, the affected user joins another call, or the affected user terminates their application. Impacted versions: AWS Wickr, Wickr Gov and Wickr Enterprise desktop (Windows, Mac and Linux) versions prior to 6.62.13.

Bulletin ID: AWS-2025-028 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/10 10:15 AM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that’s compatible with PostgreSQL. We identified CVE-2025-12967, an issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: – AWS JDBC Wrapper <2.6.5 – AWS Go Wrapper <2025-10-17 – AWS NodeJS Wrapper <2.0.1 – AWS Python Wrapper <1.4.0 – AWS ODBC driver <1.0.1