Known Vulnerabilities for products from Amazon

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Amazon".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Amazon can be found at device.report : Amazon

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-50196 json Not Provided 2026-06-17 2026-06-18
CVE-2026-42526 json Not Provided 2026-05-19 2026-05-19
CVE-2026-42196 json Not Provided 2026-05-12 2026-05-13
CVE-2026-42193 json Not Provided 2026-05-08 2026-05-11
CVE-2026-35562 json Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a th... Not Provided 2026-04-03 2026-04-14
CVE-2026-35561 json Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver bef... Not Provided 2026-04-03 2026-04-14
CVE-2026-35560 json Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 mi... Not Provided 2026-04-03 2026-04-14
CVE-2026-35559 json Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor... Not Provided 2026-04-03 2026-04-14
CVE-2026-35558 json Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 migh... Not Provided 2026-04-03 2026-04-14
CVE-2026-33726 json Not Provided 2026-03-27 2026-03-27
CVE-2026-10591 json Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote una... Not Provided 2026-06-02 2026-06-05
CVE-2026-9255 json Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute... Not Provided 2026-05-22 2026-06-04
CVE-2026-7461 json Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon EC... Not Provided 2026-04-30 2026-05-05
CVE-2026-7426 json Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6... Not Provided 2026-04-29 2026-05-04
CVE-2026-7425 json Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 a... Not Provided 2026-04-29 2026-05-04
CVE-2026-7424 json Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network ac... Not Provided 2026-04-29 2026-05-04
CVE-2026-7423 json Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent... Not Provided 2026-04-29 2026-05-04
CVE-2026-7422 json Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all c... Not Provided 2026-04-29 2026-05-04
CVE-2026-6968 json Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing... Not Provided 2026-04-24 2026-05-06
CVE-2026-6967 json Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allow... Not Provided 2026-04-24 2026-05-06
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Amazon

Type Vendor Product Version
ApplicationAmazonAmazon Freertos1.0.0
ApplicationAmazonAmazon Music6.1.5.1213
ApplicationAmazonAmazon Web Services Cloudformation Bootstrap-
ApplicationAmazonAmazon Web Services Freertos1.0.0
ApplicationAmazonAmazon Web Services Software Development Kit2.0.5
ApplicationAmazonAudible2.34.0
ApplicationAmazonAws-lambda0.0.1
ApplicationAmazonAws Command Line Interface-
Operating
System		AmazonAws Command Line Interface-
ApplicationAmazonAws Encryption Sdk-
ApplicationAmazonAws Javascript S3 Explorer1.0.0
ApplicationAmazonAws S3 Crypto Sdk-
ApplicationAmazonAws Sdk For Javascipt-
ApplicationAmazonAws Shared Configuration File Loader0.1.0
HardwareAmazonBlink Xt2 Sync Module-
Operating
System		AmazonBlink Xt2 Sync Module Firmware2.13.11
ApplicationAmazonCorretto11
ApplicationAmazonEc2 Api Tools Java Library-
ApplicationAmazonElastic Load Balancing Api Tools-
ApplicationAmazonFirecracker0.1.0
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report