VYPR

AWS Ops Wheel

by AWS

Source repositories

CVEs (2)

  • CVE-2026-6911CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user…

  • CVE-2026-6912HigApr 24, 2026
    risk 0.50cvss 8.8epss 0.00

    Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted…