CVE-2026-13769

MEDIUM
5.5
CVSS 3.1
Description
Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) may allow other local users on the same host to read credentials written by certain CLI subcommands (aws codeartifact login, aws iam create-virtual-mfa-device, aws deploy register). To remediate this issue, users should upgrade to AWS CLI 1.44.78 (v1) or 2.34.29 (v2) or later.

Metadata

CVE ID
CVE-2026-13769
State
PUBLISHED
Assigner
AMZN
Reserved
2026-06-29 20:24 UTC
Published
2026-07-01 18:34 UTC
Last updated
2026-07-01 19:24 UTC
Primary CWE
CWE-732
CWE-732: Incorrect Permission Assignment for Critical Resour…
Vendor / Product
AWS / AWS CLI
Sources
cve.org  ·  NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
Vendor | Product | Platform | Versions
AWS | AWS CLI | - | 0 ≤ 1.44.77, 0 ≤ 2.34.28
Weakness (CWE)
CWE | Source | Description
CWE-732 | cna | CWE-732: Incorrect Permission Assignment for Critical Resource
CVSS scores (2)
Score | Severity | Version | Source | Vector
6.8 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
5.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N