Unrated severity · NVD Advisory · Published Mar 2, 2026 · Updated Mar 3, 2026
PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
CVE-2026-3336
Description
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Affected products
- AWS/AWS-LC · v5 · Range: 1.41.0
References
- github.com/aws/aws-lc/releases/tag/v1.69.0 (mitre, patch)
- aws.amazon.com/security/security-bulletins/2026-005-AWS/ (mitre, vendor-advisory)
- github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvp (mitre, third-party-advisory)