AWS Ops Wheel v2 flaws enabled admin takeover via JWT forgery and Cognito abuse
AWS disclosed two critical vulnerabilities in AWS Ops Wheel v2 that could let attackers seize full administrative control of customer deployments. CVE-2026-6911 stems from missing cryptographic verification of JWT signatures in the v2 API, allowing an unauthenticated attacker with network access to the API Gateway endpoint to forge tokens with arbitrary tenant and administrator claims. The flaw could expose all application data across tenants and permit management of Amazon Cognito user accounts; it affects deployments built from PR #147 through PR #163, while v1 is not affected. GitHub advisory GHSA-v5vr-8w3c-37x2 says the issue was fixed in PR #164, and temporary mitigations include restricting API Gateway access with AWS WAF or VPC controls.
A second issue, CVE-2026-6912, allowed any authenticated user to escalate privileges by modifying self-writable security-sensitive Cognito attributes such as custom:deployment_admin through the Cognito UpdateUserAttributes API. An attacker could promote their own account to deployment administrator, then read, modify, or delete cross-tenant data and manage all users in the deployment’s Cognito User Pool. That flaw affects the same PR #147-#163 range and was fixed in PR #165 by tightening Cognito WriteAttributes and adding server-side email verification tied to DEPLOYMENT_ADMIN_EMAILS. Because Ops Wheel is deployed into customer AWS accounts through CloudFormation, each affected deployment and any forks or derivative code must be individually updated.
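As an added illustration, not code from the aws-ops-wheel project: the vulnerable token handling described above beside the two server-side checks the fixes describe, namely verifying the signature before trusting any claim and deriving administrator status from a server-side allowlist rather than a self-writable attribute. It uses HS256 via the standard library so it runs offline (PR #164 itself adds RS256 verification against Cognito's public keys); the key, the allowlist and the sample tokens are constructed values.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-signing-key"  # constructed; a real deployment reads its configuration
DEPLOYMENT_ADMIN_EMAILS = {"ops-admin@example.com"}  # constructed sample allowlist
ALLOWED_ALGS = {"HS256"}  # PR #164 pins RS256 and checks against Cognito's public keys

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Mint a token; alg='none' with an empty signature models an unsigned forgery."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    if alg == "none":
        return f"{header}.{payload}."
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def decode_unverified(token: str) -> dict:
    """Vulnerable pattern (CVE-2026-6911): read claims without checking the signature."""
    return json.loads(_b64url_decode(token.split(".")[1]))

def decode_verified(token: str, key: bytes) -> dict:
    """Fixed pattern: pin the algorithm, then verify the signature before trusting claims."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") not in ALLOWED_ALGS:
        raise ValueError("unsupported alg")  # also rejects alg=none (cf. CVE-2024-48916)
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))

def accepts(token: str, key: bytes) -> bool:
    try:
        decode_verified(token, key)
        return True
    except ValueError:
        return False

def is_deployment_admin(claims: dict) -> bool:
    """Server-side check (cf. PR #165): allowlist plus verified email, never custom:deployment_admin."""
    return bool(claims.get("email_verified")) and claims.get("email") in DEPLOYMENT_ADMIN_EMAILS

# Validly signed token whose owner set custom:deployment_admin on their own profile (CVE-2026-6912).
SELF_PROMOTED = sign_token({"email": "user@example.com", "email_verified": True, "custom:deployment_admin": "true"}, KEY)
# Unsigned forgery carrying admin claims (CVE-2026-6911).
FORGED = sign_token({"email": "ops-admin@example.com", "email_verified": True, "custom:deployment_admin": "true"}, b"", alg="none")
```

Note that the self-promoted token passes signature verification, because the identity provider signs whatever attributes the user was allowed to write; only the allowlist check keeps it out of the admin role.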

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
AWS Ops Wheel fixes CVE-2026-6912 in PR 165
AWS addressed CVE-2026-6912 in PR 165 by restricting Cognito WriteAttributes for sensitive fields and adding server-side email verification tied to DEPLOYMENT_ADMIN_EMAILS. Because Ops Wheel is deployed into customer AWS accounts via CloudFormation, each customer deployment must be individually updated.
AWS Ops Wheel discloses CVE-2026-6912 Cognito privilege escalation
AWS Ops Wheel disclosed CVE-2026-6912, a privilege-escalation flaw in v2 caused by a Cognito User Pool Client configuration that let authenticated users modify sensitive custom attributes on their own profiles. By setting attributes such as custom:deployment_admin, an attacker could obtain full deployment administrator privileges.
AWS Ops Wheel fixes CVE-2026-6911 in PR #164
AWS Ops Wheel addressed CVE-2026-6911 in PR #164 and advised users to redeploy the latest version and patch forks or derivative code. The issue affected v2 deployments built from PR #147 through PR #163, while v1 was not affected.
AWS Ops Wheel discloses CVE-2026-6911 JWT signature bypass
A security advisory disclosed CVE-2026-6911 in AWS Ops Wheel v2, where JWT tokens were accepted without cryptographic signature verification. An unauthenticated attacker with network access to the API Gateway endpoint could forge tokens to gain administrative access and access or modify cross-tenant data.
OpenStack publishes fixes and advisories for CVE-2025-65073
OpenStack published fixes and advisories for CVE-2025-65073 through OSSA-2025-002, with related downstream notices from Ubuntu and Debian. The flaw affects Keystone EC2 and S3 token endpoints and can let attackers replay AWS Signature Version 4 data from valid presigned URLs to impersonate users.
Ceph fixes CVE-2024-48916 JWT authentication bypass
Ceph addressed CVE-2024-48916 in RadosGW's OpenID Connect handling by updating rgw/sts logic to reject unsupported JWT algorithms and deny authentication when an invalid algorithm is detected. The flaw could let attackers use crafted JWTs with alg=none to bypass signature verification and gain unauthorized access.
Sources
6 references tracked.
Quick Look: CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Attribute in AWS Ops Wheel - ZeroPath Blog (zeropath.com)
Brief Summary: CVE-2026-6911 - Critical JWT Signature Bypass in AWS Ops Wheel Enables Full Administrative Takeover - ZeroPath Blog (zeropath.com)
Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel · Advisory · aws/aws-ops-wheel (github.com)
fix(auth): Add RS256 signature verification to JWT token validation by amalleramzn · Pull Request #164 · aws/aws-ops-wheel (github.com)
OpenStack Keystone CVE-2025-65073: Brief Summary of EC2/S3 Token Endpoint Authorization Bypass - ZeroPath Blog (zeropath.com)
Ceph RadosGW JWT Authentication Bypass (CVE-2024-48916): Brief Summary and Patch Overview - ZeroPath Blog (zeropath.com)


