EEF-CVE-2026-47074
- Source
- https://cna.erlef.org/osv/EEF-CVE-2026-47074.html
- Import Source
- https://cna.erlef.org/osv/EEF-CVE-2026-47074.json
- JSON Data
- https://api.osv.dev/v1/vulns/EEF-CVE-2026-47074
- Aliases
-
- CVE-2026-47074
- GHSA-8jgf-23q5-x7xx
- Published
- 2026-05-28T09:05:54.815Z
- Modified
- 2026-05-29T04:40:43.232Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- ex_aws_sns SigningCertURL not validated in verify_message/1
- Details
-
Summary
Improper Certificate Validation vulnerability in ex-aws exawssns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation.
This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines 'Elixir.ExAws.SNS':verify_message/1, 'Elixir.ExAws.SNS.PublicKeyCache':get/1.
'Elixir.ExAws.SNS':verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that the host matches an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to an endpoint that calls verifymessage/1 can supply an attacker-controlled SigningCertURL, sign a forged SNS message with their own key, and cause the function to return :ok, completely bypassing SNS signature verification.
This issue affects exawssns: from 2.0.1 before 2.3.5.
Configuration
The application must expose an HTTP endpoint that calls 'Elixir.ExAws.SNS':verify_message/1 on incoming request bodies.
- Database specific
{ "cwe_ids": [ "CWE-295" ], "cpe_ids": [ "cpe:2.3:a:ex_aws_sns_project:ex_aws_sns:*:*:*:*:*:*:*:*" ], "capec_ids": [ "CAPEC-473" ] }- References
- Credits
-
-
- Peter Ullrich - FINDER
-
- Bernard Duggan - REMEDIATION_DEVELOPER
-
- Jonatan Männchen / EEF - REMEDIATION_DEVELOPER
-
- Jonatan Männchen / EEF - ANALYST
-
Affected packages
Hex / ex_aws_sns
Package
- Name
- ex_aws_sns
- Purl
- pkg:hex/ex_aws_sns