CVE-2026-10584

Source
https://cve.org/CVERecord?id=CVE-2026-10584
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10584.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10584
Published
2026-06-02T19:08:01.019Z
Modified
2026-07-08T08:12:40.143716275Z
Severity
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
HTTPS Fallback to HTTP in Graph Explorer
Details

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS.

To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10584.json",
    "cna_assigner": "AMZN",
    "cwe_ids": [
        "CWE-319"
    ]
}
References

Affected packages

Git / github.com/aws/graph-explorer

Affected ranges

Type
GIT
Repo
https://github.com/aws/graph-explorer
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.1.0"
        },
        {
            "fixed": "3.0.1"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

v1.*
v1.1.0
v1.10.0
v1.10.1
v1.11.0
v1.12.0
v1.12.1
v1.13.0
v1.14.0
v1.14.1
v1.15.0
v1.16.0
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v2.4.0
v2.4.1
v2.5.0
v3.*
v3.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10584.json"