What is CVE-2026-6550?

CVE-2026-6550 is a medium-severity vulnerability in Aws Encryption Sdk For Python, classified under CWE-757. CVSS score: 4.7/10. Published 2026-04-20.

How severe is CVE-2026-6550?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Vulnerability in Aws Encryption Sdk For Python

CVE-2026-6550

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a…

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Aws Encryption Sdk For Python — versions 2, 3, 4

Weakness classification (CWE)

CWE-757

References

aws.amazon.com/security/security-bulletins/2026-017-aws/ (vendor-advisory)
github.com/aws/aws-encryption-sdk-python/releases/tag/v4.0.5 (patch)
github.com/aws/aws-encryption-sdk-python/releases/tag/v3.3.1 (patch)
github.com/aws/aws-encryption-sdk-python/security/advisories/GHSA-v638-38fc-rhfv (third-party-advisory)

Frequently asked questions

What is CVE-2026-6550?: CVE-2026-6550 is a medium-severity vulnerability in Aws Encryption Sdk For Python, classified under CWE-757. CVSS score: 4.7/10. Published 2026-04-20.
How severe is CVE-2026-6550?: Medium severity. CVSS v3 base score is 4.7 out of 10.