216.73.217.123

CVE-2026-22611

· Published 10/01/2026 06:15 · Modified 10/01/2026 06:15

Labels: CVE-2026-22611 2026-01-10CVE-2026-22611CWE-20[email protected]

Essential information

Published
10/01/2026 06:15
Modified
10/01/2026 06:15
Author
Creator
CVSS
3.7 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. This issue has been patched in version 4.0.3.3.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
amazon / aws sdk for dotnet cpe:2.3:a:amazon:aws_sdk_for_dotnet:4.0.0-4.0.3.2:*:*:*:*:*:*:*

References