Known Vulnerabilities for products from Amazon

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Amazon".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Amazon can be found at device.report : Amazon

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-61448 json Not Provided 2026-07-11 2026-07-11
CVE-2026-53961 json Not Provided 2026-07-09 2026-07-10
CVE-2026-53034 json Not Provided 2026-06-24 2026-06-24
CVE-2026-50196 json Not Provided 2026-06-17 2026-06-18
CVE-2026-42526 json Not Provided 2026-05-19 2026-05-19
CVE-2026-42196 json Not Provided 2026-05-12 2026-05-13
CVE-2026-42193 json Not Provided 2026-05-08 2026-05-11
CVE-2026-35562 json Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a th... Not Provided 2026-04-03 2026-04-14
CVE-2026-35561 json Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver bef... Not Provided 2026-04-03 2026-04-14
CVE-2026-35560 json Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 mi... Not Provided 2026-04-03 2026-04-14
CVE-2026-35559 json Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor... Not Provided 2026-04-03 2026-04-14
CVE-2026-35558 json Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 migh... Not Provided 2026-04-03 2026-04-14
CVE-2026-15296 json Not Provided 2026-07-10 2026-07-10
CVE-2026-14471 json Not Provided 2026-07-06 2026-07-07
CVE-2026-14265 json Not Provided 2026-07-01 2026-07-02
CVE-2026-13763 json Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actor... Not Provided 2026-06-29 2026-07-01
CVE-2026-13762 json Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass ... Not Provided 2026-06-29 2026-07-01
CVE-2026-10591 json Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote una... Not Provided 2026-06-02 2026-06-05
CVE-2026-9255 json Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute... Not Provided 2026-05-22 2026-06-04
CVE-2026-7461 json Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon EC... Not Provided 2026-04-30 2026-05-05

Known software with vulnerabilities from Amazon

Type Vendor Product Version
ApplicationAmazonAmazon Freertos1.0.0
ApplicationAmazonAmazon Music6.1.5.1213
ApplicationAmazonAmazon Web Services Cloudformation Bootstrap-
ApplicationAmazonAmazon Web Services Freertos1.0.0
ApplicationAmazonAmazon Web Services Software Development Kit2.0.5
ApplicationAmazonAudible2.34.0
ApplicationAmazonAws-lambda0.0.1
ApplicationAmazonAws Command Line Interface-
Operating
System
AmazonAws Command Line Interface-
ApplicationAmazonAws Encryption Sdk-
ApplicationAmazonAws Javascript S3 Explorer1.0.0
ApplicationAmazonAws S3 Crypto Sdk-
ApplicationAmazonAws Sdk For Javascipt-
ApplicationAmazonAws Shared Configuration File Loader0.1.0
HardwareAmazonBlink Xt2 Sync Module-
Operating
System
AmazonBlink Xt2 Sync Module Firmware2.13.11
ApplicationAmazonCorretto11
ApplicationAmazonEc2 Api Tools Java Library-
ApplicationAmazonElastic Load Balancing Api Tools-
ApplicationAmazonFirecracker0.1.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report