VYPR

Tuftool

by Amazon

cargo: tuftool

Source repositories

CVEs (3)

  • CVE-2026-6968MedApr 24, 2026
    risk 0.38cvss 5.9epss 0.01

    Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in…

  • CVE-2026-6967MedApr 24, 2026
    risk 0.38cvss 5.9epss 0.00

    Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the…

  • CVE-2026-6966MedApr 24, 2026
    risk 0.34cvss 5.3epss 0.00

    Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept…