AWS security advisories
7 threat alerts tracking vulnerabilities and security advisories that affect AWS products.
Vulnios monitors AWS CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent AWS security news in one place, or click into an individual alert for full detail.
Felons, Fraudsters Flog Offensive Cybersecurity Startup
Krebs on Security published an research on "Felons, Fraudsters Flog Offensive Cybersecurity Startup". Topic areas: news, breach, investigation, zero-day. Published July 8, 2026. See the original sourc
criticalCVE-2026-14904 - Improper Link Resolution in Auth.GetUserPrivateKey in AWS Research and Engineering Studio
Bulletin ID: 2026-053-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/07/2026 09:45 AM PDT Description: AWS Research and Engineering Studio (RES) is an open-source sol
criticalCVE-2026-14904CVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry
Bulletin ID: 2026-052-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/06/2026 13:45 PM PDT Description: Amazon mcp-gateway-registry is an open-source gateway and regis
criticalCVE-2026-14471VU#639124: Multiple local privilege escalation vulnerabilities in Little Orbits GameFirst Anti-Cheat
Overview The GamersFirst Anti-Cheat (GFAC) driver GFAC.sys contains multiple local privilege escalations and denial-of-service vulnerabilities stemming from insecure handling of user-controlled input
criticalCVE-2026-12166CVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin
Bulletin ID: 2026-051-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/01/2026 12:45 PM PDT Description: The AWS Advanced JDBC Wrapper is an open-source JDBC driver wra
criticalCVE-2026-14265CVE-2026-13769 – Insecure file permissions in AWS CLI
Bulletin ID: 2026-049-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/01/2026 11:45 AM PDT Description: The AWS Command Line Interface (AWS CLI) is a unified tool for
criticalCVE-2026-13769CVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib
Bulletin ID: 2026-050-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/01/2026 12:15 PM PDT Description: AWS CDK (aws-cdk-lib) is an open-source framework for defining
criticalCVE-2026-13760
Track AWS exposure across your environment
Vulnios automatically cross-references your asset inventory against new AWS CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan